Communication  breakdown  c&w  ^bies  continue  Reining  in  rogues  Our  Faceoff  combatants 

as  the  company  pulls  the  plug  on  some  400  customers  in  1 1  cities.  PAGE  1 6.  debate  whether  rogue  WLANs  can  be  eliminated.  PAGE  41 . 
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A  Wider  Net 


Old  net  start¬ 
ups  never 
die,  they  just 
become 
alumni  clubs 

Packing  them  in 
at  the  ‘Chipcom  prom.' 

■  BY  BOB  BROWN 

As  Fanny  Mlinarsky 
squeezed  her  way  through 
the  crowded  Cambridge 
Hyatt  cocktail  lounge  at  last 
fall’s  Chipcom  reunion, she 
could  hardly  wait  to  reveal 
what  hid  in  the  small  Estee 
Lauder  shopping  bag  in  her 
clutches.  Leaping  at  her 
opportunity  during  a  break 
in  conversation  with  her 
former  manager,  Mena- 
chem  Abraham, she  sprung 
open  the  bag  and  yanked 
out ...  a  circuit  board. 

Of  course,  this  wasn’t  just 
any  board.  Rather,  it  was 
prototype  No.  1  from  an 
Ethermodem.the  very  first 
product  made  by  the 
now-defunct  network 
equipment  maker,  which 
3Com  gobbled  up  about 
eight  years  ago. 

“We  were  20  years  ahead 
of  our  time  with  that  cable 
See  Alumni,  page  16 


Wireless  LAN  worries 

Despite  security  advances,  implementation  and  interoperability  obstacles  loom. 

Ultra  Wideband's 
destiny  up  in  the  air 


■  BY  ELLEN  MESSMER 

This  is  supposed  to  be  the  year 
that  the  industry  addresses  the 
serious  security  shortcomings 
that  are  holding  back  enterprise 
wireless  LAN  rollouts.  But  loom¬ 
ing  implementation  issues  and 
vendor  disagreement  are  rais¬ 
ing  questions  about  just  how 
soon  the  security  dilemma  will 
be  solved. 

The  802.1  li  protocol  for  wire¬ 
less  encryption  is  on  track  to 
become  an  IEEE  standard  by 
June,  but  it  looks  like  existing 
WLAN  customers  seeking  to 
adopt  it  will  need  to  swap  out 
hardware  instead  of  just  upgrad¬ 
ing  software.  In  addition,  Cisco 
and  Microsoft  have  gone  their 
separate  ways  on  a  WLAN  au¬ 
thentication  technology  called 


Protected  Extensible  Authenti¬ 
cation  Protocol  (PEAP),  creating 
a  schism  that  could  result  in  inter¬ 
operability  issues. 

The  802.1  li  protocol  for  shield¬ 
ing  wireless  data  from  over-the-air 
attacks  is  intended  to  replace  the 
Wi-Fi  Protected  Access  (WPA) 
specification  that  the  Wi-Fi  Alli¬ 
ance  put  forward  in  late  2002  as 
an  interim  replacement  for  the 
flawed  Wired  Equivalent  Privacy 
(WEP)  encryption  standard.  But 
however  promising  802.1  li 
seems,  it  won’t  be  as  simple  to 
adopt  as  say,  WPA,  which  only 
called  for  a  software  upgrade. 

Because  of  its  more  intensive 
encryption  processing,  802.1  li 
will  require  an  entirely  new  wire¬ 
less  access  point  in  many  cases. 
That  has  WLAN  vendors  and 
See  WLAN,  page  12 


■  BY  JOHN  COX 

A  decision  at  an  IEEE  meet¬ 
ing  this  week  could  bring 
together  two  factions  battling 
over  a  new  wireless  technol¬ 
ogy.  But  it’s  more  likely  to  drive 
them  to  all-out  market  warfare. 

Cut-throat  capitalism  might 
prove  to  be  the  fastest  and 
most  efficient  way  to  create  a 
de  facto  standard  for  Ultra 
Wideband  (UWB)  wireless 
networking.  Advocates  say 
UWB  could  become  the  wire¬ 


less  equivalent  of  USB  to  link 
an  array  of  mobile  devices 
and  consumer  electronics  at 
distances  up  to  30  feet  and 
at  data  rates  of  up  to  480M 
bit/sec. 

In  corporations,  UWB  could 
become  the  main  way  that 
notebooks  and  PDAs  connect 
with  peripherals  and  share 
multimedia  data  in  an  ad  hoc 
manner. 

The  IEEE  802.15.3a  Task 
Group  (TG3a)  is  charged  with 

See  Ultra  Wideband,  page  10 


High-flying  glory  days  past, 
Microsoft  builds  for  future 


Review 

SSL  VPN 
GATEWAYS 


THE 

BUSINESS  OF 

Microsoft 

First  of  two  parts 


■  BY  JOHN  FONTANA 

Microsoft’s  mettle  has  been 
tested  before,  but  in  the  next  few 
years  the  company  will  face  what 
are  arguably  its  toughest  chal¬ 
lenges  yet. 

These  include: 

•  Finding  growth  opportunities 
to  offset  the  maturing  of  its  operat¬ 
ing  system  and  Office  businesses. 

•  Winning  back  the  trust  of  cus¬ 
tomers  fed  up  with  security  short¬ 
comings  and  what  they  see  as  in¬ 
flexible  licensing  schemes. 

•  Fending  off  stronger  open 


source  competitors  as  the  com¬ 
pany  creates  its  next-generation 
platform,  code-named  Longhorn. 

The  world  has  changed  since 
Microsoft  went  public  in  1986. 
Gone  are  the  days  of  30%  to  50% 
annual  growth  rates  while  chew¬ 
ing  up  competitors.  Over  the  past 
three  years,  the  company  has 
averaged  11.5%  revenue 
growth,  and  its  stock  price  has 
only  gone  up  1%  over  the  the 
past  52  weeks. 

The  company  even  issued  its 
first-ever  dividend  to  stockholders 

See  Microsoft,  page  56 


NetScreen 

wins  our  test  of 
seven  SSLVPN 


Hitnner- 


gateways; 

Nokia  comes  in  a  close 
second. 


Page  43. 


The  NetScreen-SA  5000 
showed  great  application 
support  and  access 
control  mechanisms. 
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TECHNOLOGY 


free  spirit 


guardian  angel 


Visit  ibm.com/pc/satecomputing  periodically  tor  the  latest  intormation  on  sate  and  effective  computing.  Warranty  Information:  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.O.  Box  12195,  RTP,  NC  27709, 
Attn:  Dept  JDJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party  products  or  services.  ‘Prices  do  not  include  tax  or  shipping  and  are  subject  to  change  without  notice.  Reseller  prices  may  vary.  'Requires  download  of  client 
software  Mobile  Intel  Pentium  processors  feature  Intel  SpeedStep®  technology.  With  Intel  SpeedStep,  processor  speed  may  be  reduced  to  conserve  battery  power.  311a,  11b  and  1 1  g  wireless  are  based  on  IEEE  802.11a,  802.11b  and  802  11g, 
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IBM  recommends  Microsoft 
Windows®  XP  Professional 
for  Business. 


With  the  best  data  protection  available  on  a  wireless  notebook,  you 
can  work  where  you  like.  Knowing  there’s  a  power  looking  out  for  you. 

It’s  easy  to  work  wirelessly  when  you  choose  the  exceptional  performance  of  these 
IBM  ThinkPad®  notebook  with  Intel®  Centrino™  mobile  technology.  You’ll  also  get  ttje 
most  secure  PCs  available.  Because  IBM  builds  in  an  extra  layer  of  protection  on  select 
models  for  passwords  and  documents,  making  it  extremely  tough  for  the  unauthorized 
to  access  your  vital  data.  No  one  else  offers  this  level  of  hacker-resistant  hardware  and 
software  security  as  a  standard  feature.  So  feel  free  to  go  where  the  mood  takes  you. 
We’ll  be  right  there  beside  you.  think  prOtGCtiOn 

1  866  426-8174  |  ibm.com/shop/m131 

Save  on  shipping.  Order  online.9 


NEW!  IBM  ThinkPad  R40 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired  and 
wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0:  - 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel  Centrino’’  mobile  technology 

•  Intel  Pentium1  M  processor  1  40GHz 

•  Intel  PRO  Wireless  Network  Connection  802  11bf 

•  Microsoft  Windows  XP  Home  Edition- 

•  14.1  XGATFT  display  (1024x768) 

•128MB  DDR  SDRAM 

•  20GB  hard  drive 

•  Ultrabay  ’'  Plus  CD-ROM 

•  IBM  UltraNav"’  -  TrackPoint  and  touch  pad 

•  1-yr  system/battery  limited  warranty 

s1,179*s 

Recommended  Option: 

•  ServicePac'  Service  Upgrade 
3-yr  Depot  Repair  #3019192  s132 


NavCode  27229FU-M131 


IBM  ThinkPad  T41 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired  and 
wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0:  - 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel  Centrino  mobile  technology 

•  Intel  Pentium  M  processor  1.40GHz 

•  Intel  PRO  Wireless  Network  Connection  802.11b 

•  Microsoft  Windows  XP  Professional 

•  14.1'  XGA  TFT  Display  (1024x768) 

•  256MB  DDR  SDRAM 

•  NEW!  40GB  hard  drive  with  IBM  Hard  Drive 
Active  Protection  System 

•  Ultrabay  Slim  CD-RW/DVD-ROM  combo 

•  Only  1‘  thin’  •  4  5-lb  travel  weight 
•1-yr  system/battery  limited  warranty 

*1,699*  R  NavCode  2378DHU-Mt  31 

Recommended  Option: 

•  ServicePac'  Service  Upgrade:’ 

3-yr  Onsite  Repair/9x5/Next  Business  Day 
Response  #30L91 95  *243 
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problem  turns  out  to  be  a  Customer  Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick  replacement.  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  For  ThinkPad  notebooks  requiring  LCD  or  other  component 
replacement,  IBM  may  choose  to  perform  service  at  the  depot  repair  center.  ’Standard  shipping  included  when  you  order  online.  U.S.  only.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  IBM  is  not 
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Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2004  IBM  Corp.  All  rights  reserved. 
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nortelnetworks.com 


BUSINESS  WITHOUT  BOUNDARIES 


reasons  to  choose  Nortel  Networks  for  your 


IP  telephony  network 


Evolving  to  a  converged  IP  telephony  network  is  not 
a  matter  of  if,  but  when.  Nortel  Networks  can  help  you 
get  there.  Without  disrupting  your  existing  network 
infrastructure. 


Our  telephony  expertise  is  grounded  in  a  recent 
milestone:  50  million  enterprise  telephony  line  shipments. 
The  landmark  line  is  part  of  Sheraton  New  York  Hotel 
and  Towers'  migration  to  IP  telephony  using  Succession 
3.0,  a  solution  that  has  helped  them  cost  effectively 
reinvent  their  enterprise  communications. 


Eliminate  boundaries  and  protect  your  network  investment 
by  migrating  to  converged  IP  telephony  from  Nortel 
Networks.  It's  your  business.  Make  the  most  of  it. 
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News 


NetworkWorld 


■  8  Retailers  spending  on  IT  to  satisfy  demand. 

■  8  Veritas  acquires  utility  computing  company. 

■  10  Verizon  to  spend  S3  billion  on  upgrades,  offerings. 

■  16  More  changes  afoot  ai  Cable  &  Wireless. 

■  57  Microsoft  shelves  aging  software. 


Features 


Fac&off  Can  rogue  wireless  LANs  be  eliminated?  Marvin  Chartoff  of  Unisys  says  yes,  but 
Brian  Boyland  of  Cap  Gemini  Ernst  &  Young  disagrees,  Page  41. 


■  57  IBM  expands  four-way  server  offerings. 


Infrastructure 

■  17  3Com  upgrades  flagship 

switch. 

■  17  Alcatel  beefs  up  switch 
management  pack. 

■  18  Microsoft  releases  first  pub¬ 
lic  beta  of  Win  2003  for  Opteron. 

■  18  Dave  Kearns:  The 

power  of  prognostication. 

■  20  Special  Focus: 

Venerable  IBM  server  carries  on. 

Enterprise 

Applications 

■  23  Users  tackle  Linux 
management. 

■  23  Netriplex  spam  service, 
money-back  guarantee. 

■  26  Scott  Bradner:  The 

Internet  is  not  a  railroad,  or  is  it? 


Technology 

Update 

■  33  SMI-S  unifies  storage-area 
network  management. 

■  33  Steve  Blass:  Ask  Dr. 

Internet. 

■  36  Mark  Gibbs:  Happy  New 
Free  Tools. 

■  36  Keith  Shaw:  Cool  tools, 
gizmos  and  other  neat  stuff. 

Opinions 

■  38  Editorial:  Start-up  looks 
to  leverage  corporate  IM. 

■  39  W.  David 
Stephenson:  Corporate  home¬ 
land  security  a  win-win. 

■  39  Daniel  Briere:  Has  any¬ 
thing  really  changed? 

■  58  BackSpin:  A  dozen  New 
Year's  resolutions. 


Service  Providers 

■  29  Goodbye,  Cisco;  hello, 
Procket:  Roland  Acra  discusses  his 
job  change. 


■  58  Compendium:  Now 

hackers  want  to  mess  with  your 
mind,  too. 

■  52  Career  classifieds. 
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■  32  Johna 
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Blackberry 
sports  a 
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Management 

Strategies 


■  47  Let's  get  physical:  IT  secur¬ 
ity  must  include  locked  doors 

j  premises  pro¬ 
tection,  not  just 
firewalls. 


Review 

SSL  VPN  GATEWAYS 


We  put  seven  SSL  VPN  gateways  to  the  test. 
NetScreen  came  out  on  top  based  on  its  application 
support,  access  control  and  interoperability.  F5, 
Nokia  and  Symantec  were  also  impressive,  Page  43. 
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WorldCom  back  in  government's  good  graces 

■  The  U.S.  government’s  General  Services  Administration  last  week 
lifted  restrictions  against  WorldCom,  better  known  by  its  MCI  brand 
name,  which  prohibited  the  telecom  company  from  bidding  on 
federal  contracts.  The  GSA  placed  MCI  in  its  Excluded  Parties 
Listing  System  last  July  after  the  accounting  scandal  that  forced  the 
company  to  seek  bankruptcy  protection.  At  the  time,  the  GSA  cited 
problems  with  the  company’s  internal  accounting  controls  and 
business  ethics.  Since  then,  the  GSA  has  conducted  an  “exhaustive 
review”  into  the  company’s  business  practices  and  now  has  con¬ 
cluded  that  MCI  has  remedied  its  problems  in  the  two  areas.  The 
GSA,  which  sets  government  procurement  policy  also  had  been 
conducting  debarment  proceedings  against  MCI,  which  would 
have  resulted  in  longer-term  restrictions. 

Changes  in  latitudes 

■  VeriSign  said  last  week  it  is  planning  changes  to  a  DNS  component  that  coordinates 
updates  to  the  .com  and  .net  domains  throughout  the  DNS  system.  The  changes  are 
intended  to  prepare  .com  and  .net  for  more  frequent  daily  updates  of  information  such 
as  address  changes.  Internet  users  and  organizations  managing  Web  sites  on  .com  and 
.net  will  not  notice  the  change, VeriSign  said.  However, some  network  experts  worry  that 
the  change,  which  is  scheduled  for  Feb.  9,  might  have  unanticipated  consequences  that 
could  interrupt  traffic  to  some  .com  and  .net  Web  sites  and  other  online  services. The 
modifications  will  change  the  way  part  of  a  DNS  component  called  the  Start  of 
Authority  Record  is  generated  for  .com  and  .net  domains. The  records  are  used  to  man¬ 
age  areas  of  an  Internet  domain  that  are  controlled  by  a  single  DNS  server.  VeriSign 
Naming  and  Directory  Services  will  change  the  serial  number  format  in  the  .com  and 
.net  zones’ Start  of  Authority  Records.  Currently,  the  serial  number  format  isYYYYMMDD, 
plus  an  additional  two-digit  number  (00  to  99)  that  is  updated  whenever  the  zone  data 
is  updated.  Under  the  new  system,  VeriSign  will  change  the  serial  number  to  a  unique 
value  equal  to  the  number  of  seconds  since  00:00:00  Greenwich  Mean  Time  on  Jan.  1, 
1970.  The  move  will  let  VeriSign  make  better  use  of  its  Advanced  Transaction  Lookup 
and  Signaling  system  to  make  more  frequent  and  efficient  updates  to  .com  and  .net, 
from  the  current  system  of  two  daily  updates. 

CRM  buys  shrink  market  by  two 

■  Two  acquisitions  announced  last  week  continue  the  CRM  market  consolidation  that’s 
been  going  on  the  past  few  years  and  highlight  the  importance  of  adding  a  personal 
touch  to  companies’  online  customer  service  efforts.  Both  acquisitions  pair  a  knowledge 
management  tools  vendor  with  a  Web  collaboration  technology  vendor.  CRM  suite  ven¬ 
dor  Kana  is  acquiring  Hipbone,  which  specializes  in  online  customer  service  technolo¬ 
gies  such  as  co-browsing,  file  sharing  and  chat,  for  an  undisclosed  amount.  Meanwhile, 
LiveBerson,  which  makes  chat,  e-mail  management  and  customer  self-service  software, 
acquired  some  of  Island  Data’s  assets  —  specifically  its  knowledge  management  tech¬ 
nologies  —  in  a  $3  million  stock  and  cash  transaction.  Kana  plans  to  integrate  Hipbone’s 
chat  and  co-browsing  features  into  its  iCare  suite,  which  includes  knowledge  manage¬ 
ment,  e-mail  marketing,  call  center,  marketing  and  analytics  applications.  Kana  also  will 
continue  to  offer  Hipbone  as  a  stand-alone  product,  the  company  says.  For  its  part, 
LiveBerson  acquired  Island  Data’s  Express  Response,  a  hosted  knowledgebase  and  fre¬ 
quently  asked  questions  service.  Existing  Express  Response  customers  —  which  include 
Adobe,  Canon  U.S.A.and  Cox  Communications  —  will  be  transferred  to  LivePerson. 


Th  Good  ieBad  rhi  Ugly 


Web  Silver.  Tim 

Berners-Lee,  inventor  of  the 
Web  and  director  of  the  World 
Wide  Web  Consortium,  has 
been  knighted  by  Queen 
Elizabeth  in  honor  of  his 
efforts.  Berners-Lee,  a  British 
citizen  who  lives  in  the  U.8., 
said,  "I  accept  this  as  an 
endorsement  of  the  spirit 
of  the  Web;  of  building  it 
in  a  decentralized  way;  of 
making  best  efforts  to  keep  it 
open  and  fair;  and  of  ensuring 
its  fundamental  technologies  are 
available  to  all  for  broad  use  and 
innovation,  and  without  having 
to  pay  licensing  fees."  > 


NOAH  Z.  JONES 


Britney  tops  the  Web  charts.  Something  seems  very  wrong 
about  the  fact  that  just  as  Berners-Lee  is  being  knighted,  Google  announces  that 
Britney  Spears  was  the  most  searched-for  subject  on  the  Web  in  2003.  And  of 
course  her  Las  Vegas  marriage-then-annulment  to  start  the  year  should  keep  her 
hot  for  a  least  a  bit  longer. 


Wi-Fi  goes  Hollywood.  The  folks  at  the  Wi-Fi  Alliance  must  have  been 
thrilled  when  detectives  from  the  "CSI:  Miami"  TV  show  were  chatting  away  on  the 
topic  during  an  episode  earlier  this  month.  That  was  until  it  turned  out  a  murder 
victim  was  found  to  have  been  surreptitiously  using  the  technology  from  his  office 
to  tap  into  an  access  point  across  the  street  to  avoid  the  spyware  his  company 
installed  to  keep  track  of  employees.  Turns  out  he  was  soliciting  hookers  from  one 
of  those  sorority  Webcam  sites. 


IBM  continues  Linux  lovefest 

■  IBM  Chairman  and  CEO  Sam  Palmisano  has  challenged  his  company  to  move  to 
the  Linux  desktop  over  the  next  two  years,  according  to  an  internal  memo  from  IBM 
CIO  Bob  Greenberg. “Our  chairman  has  challenged  the  IT  organization  and  indeed 
all  of  IBM  to  move  to  a  Linux-based  desktop  by  the  end  of  2005,”  Greenberg  wrote. 
“This  means  replacing  productivity,  Web  access  and  viewing  tools  with  open  stan- 
dards-based  equivalents.”  The  company  has  formed  a  new  initiative  called  the  Open 
Desktop  project  office  to  facilitate  the  move,  which  will  involve  contributions  from 
Greenberg’s  office  and  from  IBM’s  software  and  research  groups,  according  to 
the  memo. 

RFID  to  gain  strength 

■  Retail  spending  on  radio  frequency  identification  technology  will  increase  more 
than  tenfold  over  the  next  four  years,  according  to  projections  announced  last  week 
by  lDC.The  research  firm  predicts  RFID  spending  for  the  U.S.  retail  supply  chain  will 
grow  from  $91.5  million  in  2003  to  nearly  $1.3  billion  in  2008.  Mandates  for  RFID  tag¬ 
ging  from  Wal-Mart  Stores  and  the  U.S.  Department  of  Defense  will  drive  this  acceler¬ 
ated  spending  —  but  it  won’t  be  sustained,  IDC  says.  Once  manufacturers’  and  dis¬ 
tributors’  initial  deployments  are  complete,  RFID  spending  will  level  off  as  the  indus¬ 
try  prepares  itself  for  the  next  wave  of  RFID:  item-level  tagging. 

Big  Blue  trims  workforce 

■  IBM  said  last  week  it  has  cut  about  300  U.S.-based  software  jobs  and  100  positions  in 
its  services  division. The  job  cuts  come  as  part  of  an  effort  to  reduce  costs  and  empha¬ 
size  other  areas  such  as  software  telesales  and  technical  sales,  IBM  said.  The  300  soft¬ 
ware  job  cuts  represent  less  than  1%  of  IBM’s  38,000  worldwide  software  positions. 


COMPUWARE 


THE  POWER  TO  Create,  Confirm,  Control 

Software  and  services  from  Compuware  help  create  applications  that  move  into  action  faster. 
Solutions  for  development,  quality  assurance  and  operations  let  you  confirm  efficient 
deployment  and  ongoing  availability  with  confidence.  Achieve  control  over 
application  performance  and  exceed  the 
quality  your  end  users  demand — now. 
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Holiday  rush  pushes  retailers  to  spend 

National  Retail  Federation  to  showcase  aisles  of  wares  to  improve  operations. 


■> 

IT  purchasing  rationale 

Retailers  say  revenue  growth  is  the  primary 
justification  for  new  software  investments,  according 
to  an  AMR  Research  survey  of  67  retail  IT  executives. 

Top  benefits  used  to  justify  software  investments  are: 

Generate  additional  revenue 


Improve  store  operations,  make  associates  more  productive  and  stay  longer 


48% 


Reduce  IT  maintenance  costs 


47% 


Improve  quality  of  business  decisions,  such  as  assortment  planning  and  pricing 


46% 


Reduce  cost  of  goods 


45% 


Reduce  IT  infrastructure  cost 


44% 


Note:  Multiple  responses  were  allowed. 


v _  J 


a  BY  ANN  BEDNARZ 

Flush  from  a  strong  holiday 
shopping  season,  retailers  are 
gathering  this  week  in  New  York 
to  hear  about  a  slew  of  tech¬ 
nologies  aimed  at  helping  them 
improve  in-store  and  online 
operations. 

The  National  Retail  Federa¬ 
tion’s  (NRF)  annual  conference 
and  exposition  will  feature  about 
350  exhibitors  and  dozens  of 


December  2002 

Jareva  Technologies.  OpForce 

server  provisioning  software. 


educational  sessions  focused  on 
retaining  customers,  improving 
supply  chains  and  increasing 
margins.  NRF  expects  12,000 
attendees. 

Analysts  expect  retailers  to  be 
in  buying  mode  this  year,  even 
though  their  IT  budgets  are  ex¬ 
pected  to  remain  relatively  flat. 
Budgets  are  predicted  to  grow 
modestly  from  an  average  of 
2.75%  last  year  to  2.88%  this  year, 
according  to  AMR  Research. 


January  2004 

Ejasent.  UpScale  application 
availability  and  automation  software; 
MicroMeasure  chargeback  and 
reporting  software. 


However,  pent-up  demand  for  IT 
upgrades  —  to  newer  point-of- 
sale  systems,  for  example  — 
might  accelerate  some  spending. 

“With  last  years  economy  not  as 
good  as  everyone  had  hoped, 
some  technology  decisions  were 
delayed,” says  Sunita  Gupta, a  vice 
president  at  retail  management 
consulting  firm  LakeWest  Group. 
“But  there  comes  a  time  when 
retailers  have  to  move  forward, 
especially  the  ones  that  have  soft¬ 
ware  and  hardware  that  is  eight 
or  nine  years  old.” 

In  addition,  healthy  holiday 
sales  may  kick-start  spending. 

Holiday  online  shopping  tallies 
surged  to  $12.5  billion  during  the 
period  from  Nov.  1  through  Dec. 
31  —  a  30%  increase  over  last 
year,  according  to  Internet  track¬ 
ing  firm  comScore  Networks. 

In-store  sales,  too,  were  upbeat 
at  some  big  retailers.  Best  Buy  last 
week  announced  a  9.3%  increase 
in  December  store  sales  over  last 
year,  and  Wal-Mart  and  Target  re¬ 
ported  store  sales  up  4.3%  and 
4.1%,  respectively  for  that  period. 

At  the  NRF  show,  Gupta  predicts 
retailers  will  be  on  the  lookout  for 
POS  products,  radio  frequency 
identification  (RFID)  technology 
and  a  variety  of  specialty  software 
products  for  tasks  such  as  mer¬ 
chandise  planning,  forecasting 
and  replenishment. 

“POS  continues  to  be  on  CIOs’ 
minds,”  Gupta  says.  In  Lake  West’s 
annual  POS  benchmarking  sur¬ 
vey  released  last  week,  37%  of  re¬ 
spondents  said  they  plan  to  re¬ 
place  their  POS  hardware,  and 
38%  plan  to  replace  their  POS 
software,  within  the  next  two 
years.  “That  means  they’re  going 
to  be  out  there  looking,”  Gupta 
says. 

As  for  RFID,  most  retailers  are 
more  interested  in  browsing  than 
buying  at  this  point, she  says. 

AMR  Research  recommends 
retailers  focus  their  IT  invest¬ 
ments  in  four  key  areas:  customer¬ 
facing  technology  that  enables 
more-interactive  selling;  analytic 
tools  that  project  the  impact  of 
merchandising,  pricing  and  pro¬ 
motion  decisions;  pricing-man¬ 
agement  tools  that  track  product 
and  pricing  strategies  from  intro¬ 
duction  through  final  closeout; 
and  sourcing  technologies  that 
let  retailers  adjust  manufacturing 
and  supply-chain  strategies  based 
on  consumer  demand  changes. 

In  addition,  AMR  suggests  work¬ 


force  optimization  tools  can  yield 
labor  and  scheduling  efficien¬ 
cies.  Retailers  currently  allocate 
32%  of  their  store  operations  bud¬ 
get  to  workforce  management 
applications,  according  to  the 
research  firm. 

New  products  being  unveiled 
at  the  NRF  show  align  well  with 
these  areas,  such  as: 

•  Marketing  assistance:  Blue 
Martini  is  expected  to  announce 
Messages@POS,an  in-store  selling 
application  for  retailers  that  deliv¬ 
ers  personalized  marketing  mes¬ 
sages  to  customers  at  POS. 
Triggered  by  the  purchase  of  a 
particular  brand  or  spending 
amount,  the  messages  might  pro¬ 
mote  store  events,  new  merchan¬ 
dise  or  special  offers. 

•  Pricing  expertise:  4R  Systems 
is  expected  to  unveil  MaxOut,  an 
optimization  tool  designed  to 
help  retailers  identify  the  most 
profitable  end-of-life  merchandis¬ 
ing  tactics,  such  as  markdown, 
consolidation  and  liquidation. 

•  Inventory  tools:  Retail  Tech¬ 
nologies  International  will  dem¬ 
onstrate  the  latest  version  of  its 
Retail  Pro  store  management  soft¬ 
ware,  due  out  this  month.  New 
features  —  such  as  serial  number 
tracking  and  multi-vendor  item 
identification  —  are  aimed  at 


helping  retailers  better  manage 
and  track  their  inventory 
•  Workforce  efficiencies:  POS 
and  back-office  software  maker 
360Commerce  in  December 
acquired  Simplified  Workforce 
Solutions  for  its  workforce  man¬ 
agement  software,  which  is 
designed  to  help  companies  con¬ 
trol  labor  costs  and  reduce  em¬ 
ployee  turnover.  The  first  integrat¬ 
ed  products  will  be  on  display  at 
NRp the  company  says.  ■ 


\  I  / 


■  THIS  WEEK’S  QUESTION: 

New  Motorola 
Chairman  and  CEO  Ed 
Zander  formerly  served 
as  president  of  which 
computer  company? 

Stumped?  Get  the  answer  online. 

Visit  Network  World  Fosion  and  enter 
2349  in  the  Search  box. 

www.nwfusion.com 
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Precise  Software  Solutions.  Application 
performance  management  software. 


Veritas  buys  utility 
computing  company 

■  BY  DENI  CONNOR 

Veritas  Software  last  week  shored  up  its  utility  computing  vision 
with  a  $59  million  buyout  of  Ejasent,  a  5-year-old  vendor  of  applica¬ 
tion  virtualization  software. 

Ejasent  makes  software  to  non-disruptively  move  applications  from 
server  to  server  based  on  rules  set  by  an  IT  manager.  It  also  offers 
chargeback  software, an  essential  part  of  any  utility-computing  imple¬ 
mentation  in  that  it  lets  customers  be  charged  for  their  actual  use  of 
assets. 

Eric  Ubels,  CIO  for  international  accounting  firm  Deloitte  in 
Amsterdam,  uses  Veritas  Cluster  Server  and  is  familiar  with  Ejasent’s 
products. 

“Ejasent  can  virtualize  clusters  and  make  applications  that  are  not 
cluster-aware,  basically  cluster-aware,  which  is  very  interesting,”  he  says. 
“If  you  have  to  do  maintenance  on  a  machine,  you  can  automatically 
transfer  the  application  to  another  machine,  do  the  maintenance  and 
then  transfer  it  back.” 

Ejasent’s  products  fit  with  Veritas’  other  products,  including  those 
obtained  from  earlier  acquisitions  of  Jareva  Technologies  and  Precise 
Software  Solutions  (see  graphic). 

A  company  using  Veritas  Cluster  Server  could  monitor  its  systems’ 
performance  and  capacity  with  Precise’s  i3  software,  provision  more 
resources  with  Jareva’s  OpForce  software  and  shift  around  applica¬ 
tions  using  Ejasent’s  UpScale.  Ejasent's  MicroMeasure  could  be  used 
to  charge  back  departments  for  resource  use. 

Veritas  initially  will  sell  the  Ejasent  products  as  they  are,  but  by  mid- 
2005  plans  to  have  UpScale  integrated  with  Veritas  Cluster  Server  and 
MicroMeasure  bundled  with  its  Command  Central  product.  ■ 

Savvy  shopper 

Veritas  has  acquired  a  handful  of  companies  whose 
technologies  are  designed  to  help  customers  make  computing 
resources  available  to  end  users  and  applications  as  needed. 


HOW  CLOSE  ARE  YOU  TO  THE 
NEXT  GENERATION  OF  NETWORKING? 

THE  ANSWER  IS  JUST  BENEATH  THE  SURFACE 

Within  your  desktops,  notebooks,  switches  and  servers  are  chips  enabling  your  business  to  operate  in  real  time,  delivering  Gigabit  speed  both 
reliably  and  securely.  When  the  top  10  computer  and  networking  equipment  brands  need  unsurpassed  performance,  they  turn  to  us.1  Broadcom'"1  chips 
are  two  to  three  times  faster  than  the  closest  competitor’s  in  delivering  network  throughput  on  your  demanding  applications.2  Whether  you’re  wired  or 
wireless,  networking  hardware  built  with  Broadcom  technology  ensures  the  devices  you  use  today— as  well  as  those  you  add  tomorrow— will  connect 
easily  and  seamlessly  across  air,  fiber  and  copper. 


Learn  how  building  upon  Broadcom  chips  end-to-end 
can  provide  you  with  faster  network  performance. 
Download  the  first  two  chapters  of  our  new  e-book 
“Architecting  Next-Generation  Networks”  now  at 

www.networkworld.gobroadcom.com/ebook 
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Verizon  to  spend 
$3  billion  on 
broadband  offerings 

■  BY  JIM  DUFFY 


Verizon  last  week  said  it  would  spend  $3  billion  over  the  next  two 
years  to  bring  broadband  networks  to  the  mass  market. 

The  investment  will  include  two  network  expansions  and  the  rollout 
of  a  service  and  product  to  help  businesses  and  residences  integrate 
and  manage  disparate  communications  devices  and  applications. 

The  new  service, called  iobi,  is  designed  to  utilize  the  carrier’s  wireline, 
wireless,  data  and  IP  networks  to  link  a  customer’s  various  communica¬ 
tion  devices  into  a  customized  personal  communications  network. 

It’s  intended  to  let  customers  manage  phone  calls,  voice  mail,  calen¬ 
dars,  address  books  and  e-mail  using  wireline  and  wireless  phones, 
computers,  laptops  and  PDAs.  For  example,  what  someone  sends  as  a 
voice  message  from  a  landline  or  cell  phone  can  be  received  as  an 
e-mail  or  text  message  on  a  PDA  or  laptop,  or  redirected  to  a  different 
phone  line.  The  service  can  locate  customers  and  customize  commu¬ 
nications  delivery  based  on  preference  or  time  of  dayVerizon  says. 

Verizon  will  introduce  iobi  later  this  year. 

A  new  product  called  Verizon  One  combines  a  DSL  modem  and 
wireless  router  with  a  touch-screen  computer  and  a  cordless  tele¬ 
phone,  and  is  configured  for  the  iobi  service. 

Customers  can  use  Verizon  One  to  call  with  one  click  from  their 
address  book  or  online  directory  assistance;  view  information  from  var¬ 
ious  news,  weather  or  entertainment  sources;  scroll  through  Verizon 
SuperPages.com  to  look  up  and  call  phone  numbers;  leave  text  mes¬ 
sages;  manage  calls;  schedule  call  forwarding;  and  manage  contact 
lists  and  calendars. 

Verizon  plans  to  introduce  a  version  of  Verizon  One  later  this  year. 

The  network  expansions  involve  Verizon’s  wireless  and  wireline  net¬ 
works.  Verizon  Wireless  will  expand  its  3G  mobile  data  Broad- 
bandAccess  network  nationwide  over  the  next  two  years.  In  addition  to 
its  ongoing  annual  capital  investment, Verizon  will  invest  an  additional 
$1  billion  over  the  next  two  years  to  further  deploy  its  Evolution-Data 
Optimized  (EV-DO)  broadband  technology 

BroadbandAccess  is  based  on  Code  Division  Multiple  Access  tech¬ 
nology  and  boasts  average  user  speeds  of  300K  to  500K  bit/sec.The  ser¬ 
vice  will  be  available  to  business  and  individual  customers  in  portions 
of  the  Verizon  Wireless  network  this  summer  and  in  additional  markets 
through  2005,  the  carrier  says. 

Verizon  says  it  also  will  accelerate  the  evolution  of  its  nationwide 
wireline  network  to  packet-switching  technology  Earlier  this  week, 
Verizon  announced  that  it  has  selected  Nortel  to  supply  VoIP  equip¬ 
ment  for  both  local  and  long-distance  applications. 

The  company  says  it  will  create  the  nation’s  largest  converged  IP  net¬ 
work.  In  this  effort,  the  carrier  has  invested  $55  billion  in  its  network 
infrastructure  since  2000. 

“Verizon  is  largely  responding 
to  AT&T  Wireless’  nationwide 
launch  of  EDGE  [Enhanced  Data 
Rates  for  Global  Evolution],  the 
proliferation  of  Wi-Fi  from  the 
likes  of  T-Mobile  and  others,  and 
Sprint’s  intimation  that  it  intends 
to  launch  EV-DO  in  the  next  sev¬ 
eral  years,  all  while  the  competi¬ 
tion  clamors  for  core  enterprise 
customers,”  Eddie  Hold  and 
Jeffrey  Rickard  of  Current  Analy¬ 
sis  said  in  a  recent  report  on 
Verizon’s  plans. 

Cingular  Wireless,  which  SBC 
and  BellSouth  operate  jointly,  is 
also  evolving  its  network  toward 
a  3G  infrastructure  based  on 
EDGE.  ■ 


More  online! 

It's  magical.  The  moment  when  data,  voice 
and  video  integrate  across  your  network 
and  suddenly  the  benefits  become  real: 
employees  more  connected,  information 
more  accessible  and  customers  more  sat¬ 
isfied.  Learn  how  at  Network  World's  first 
Technology  Tour  for  2004! 
DocFinder  9226 


Head  to  head 

Two  factions  will  joust  at  an  IEEE  task  group  meeting 
overdevelopment  of  an  Ultra  Wideband  (UWB)  standard 
to  provide  to  high-bandwidth  wireless  links  for 
personal-area  networks. 

Multiband 


Backers 

Technology 

Status 

36-member 
MultiBand  OFDM 
Alliance  (includes 
Fujitsu,  HP,  Intel, 
Nokia  and  Texas 
Instruments). 

Subdivide  UWB  spectrum  into 
smaller  chunks,  hopping 
between  them  to  minimize 
interference;  modulate  with 
OFDM  (as  in  the  802.11a  and 
802.11g  WLAN  standards)  to 
improve  transceiver  sensitivity. 

Backed  by  about  60%  of  IEEE  task 
group  voting  members;  needs  75%  to 
be  adopted  as  the  basis  for  the  3a 
standard;  MBOA  plans  to  publish  its 
specification  in  February  and  members 
expect  to  build  products  based  on  it 
for  early  2005. 

Direct  Sequence 


Backers 

Technology 

Status 

Motorola  (and 
Xtreme  Spectrum, 
now  a  Motorola 
unit),  and  Digital 
Signal  Processor 
vendor  Ceva 
(formerly 
ParthusCeva). 

Divide  UWB  spectrum  into  two 
big  chunks;  modulate  using  a 
CDMA-like  technique  —  direct 
sequencing  spread  spectrum  — 
to  give  high  performance  for 
many  users  in  a  given  band; 
resists  interference  well. 

The  Motorola/Xtreme  UWB  chipset 
was  used  by  Samsung  last  week  at 
the  Consumer  Electronics  Show  to 
transmit  three  HDTV  video  streams 
at  the  same  time  at  114M  bit/sec, 
using  less  than  200  milliwatts  of 
power. 

Ultra  Wideband 

continued  from  page  1 

crafting  a  high-speed,  physical- 
layer  standard  for  handling  wire¬ 
less  multimedia  traffic.The  parent 
802.15  group  is  developing  stan¬ 
dards  for  so-called  personal-area 
networks,  including  those  based 
on  two  other  wireless  technolo¬ 
gies,  Bluetooth  and  Zigbee.  Task 
Group  3a  members  earlier  this 
year  winnowed  23  proposals 
down  to  two,  both  based  on  UWB 
(see  graphic).  About  60%  have 
voted  in  three  meetings  for  one 
proposal,  from  the  MultiBand 
OFDM  Alliance  (MBOA).  In 
effect,  40%  prefer  the  DS  propos¬ 
al.  But  any  proposal  needs  75%  to 
be  adopted. 

The  task  group  has  been  dead¬ 
locked  since  July,  acknowledges 
Bob  Heile,  who  chairs  the  TG3a 
and  802.15  groups.“We  have  two 
positions  that  are  both  claiming 
to  best  satisfy  the  market  require¬ 
ments,  and  no  ability  to  prove 
[their  claims]  one  way  or  the 
otherf  he  says. 

UWB’s  roots  go  back  nearly  40 
years.  Until  recently,  UWB  has 
been  limited  mainly  to  classified 
defense  communications  and  to 
systems  such  as  ground-penetrat¬ 
ing  radar  or  wall-penetrating 
imaging.  Then,  in  early  2002,  the 
FCC  ruled  that  UWB  radios  could 
run  on  a  given  chunk  of  public 
spectrum  (3.1  to  10.6  GHz)  under 
strict  limits. 

Conventional  radios,  such  as 
those  in  WLANs,  have  a  single 
radio  signal  called  a  carrier  wave 
that  beams  over  a  specified  fre¬ 
quency  By  contrast,  UWB  doesn’t 
use  a  carrier  wave:  instead  it  uses 
short  pulses  of  energy  and 
spreads  them  over  a  range  of  fre¬ 
quencies  using  well-known  mod¬ 
ulation  techniques  such  as 
orthogonal  frequency  division 
modulation  (OFDM)  or  direct  se¬ 
quencing.  These  two  techniques 
are  the  basis  of  the  rival  proposals 
offered  to  TG3a.  In  both  cases, 
advocates  say  the  result  is  very 
high  bandwidth,  very  low  power, 
and  relatively  simple  and  inex¬ 
pensive  radios. 

Competing  proposals 

MBOA  is  a  group  of  about  40 
vendors  including  most  of  the 
world’s  biggest  makers  of  semi¬ 
conductors,  consumer  electron¬ 
ics  and  computers. 

The  MBOA  proposal  divides  the 
UWB  spectrum  into  at  least  three 
bands,  and  uses  OFDM  to  create 
numerous,  narrow  channels  with¬ 
in  these,  and  to  “hop”  between 
them.  “If  you  break  up  the  spec¬ 
trum  into  500-MHz  chunks,  it  sim¬ 


plifies  the  [radio]  architecture 
and  lets  you  use  CMOS  [silicon 
technology],”  says  Mark  Bowles, 
vice  president  of  marketing  for 
UWB  start-up  Staccato  Communi¬ 
cations,  and  a  co-founder  of 
MBOA.  OFDM  is  touted  for  its  effi¬ 
ciency  in  capturing  radio  energy 
especially  useful  when  the  energy 
reflects  off  various  surfaces  and 
hits  the  receiving  antenna  out  of 
phase,  causing  interference. 

The  second  proposal,  called 
Direct  Sequencing,  is  based  on 
technology  created  by  Xtreme 
Spectrum,  which  Motorola  ac¬ 
quired  in  November. 

This  approach  uses  a  technique 
called  direct  sequence  spread 
spectrum,  which  lets  many  trans¬ 
missions  share  the  same  fre¬ 
quency  ranges. 

Among  other  things,  this  makes 
it  easier  for  many  small  groups 
(called  piconets)  of  UWB  de¬ 
vices  to  link  with  each  other.  Ad¬ 
vocates  say  this  approach  will 
cause  less  interference  with  exist¬ 
ing  licensed  spectrum  users  than 
MBOAs  proposal. 

Last  week  at  the  Consumer 
Electronics  Show  in  Las  Vegas, 
Samsung  demonstrated  stream¬ 
ing  HDTV  signals  over  a  UWB  link 
based  on  the  Motorola  Xtreme 
Spectrum  chipset.  Samsung  also 
is  a  member  of  the  MBOA. 

This  week,  members  of  Task 
Group  3a  likely  will  vote  again  on 
whether  to  adopt  MBOA.  No  one 
seems  to  think  the  proposal  will 
gain  the  needed  75%.  Task  force 
members’  patience  seems  to  be 
running  thin  with  the  lengthy 
process. 


Waste  of  time? 

“If  we  don’t  see  any  headway  I 
question  how  much  longer  com¬ 
panies  will  continue  to  send  peo¬ 
ple,”  says  Mark  Fidler,  senior  engi¬ 
neering  scientist  with  HP’s  imag¬ 
ing  and  printing  systems  group, 
and  a  TG3a  participant.  HP  is  an 
MBOA  member.  The  Singapore 
meeting  in  September  was  a 
“complete  and  utter  waste  of  my 
time,”  he  says. 

MBOA  plans  to  publish  its  own 
UWB  specification  next  month. 
Members  will  start  building  prod¬ 
ucts  based  on  that  specification, 
says  Stephen  Wood,  who  oversees 
UWB  strategy  for  Intel.  “There’s 
very  aggressive  work  being  done 
in  MBOA,” he  says.“And  upcoming 
announcements  will  reflect  this.” 

Motorola  won’t  sit  idle  either. 
“We  need  to  work  with  the  com¬ 
panies  that  need  a  [UWB]  solu¬ 
tion  now,  before  a  standard  [is 
final],” says  John  Barr,  director  of 
standards  realization  for  Motor¬ 
ola.  “No  MBOA  members  have  a 
product  they  can  give  to  cus¬ 
tomers  to  run  and  test.” 

The  IEEE  could  go  ahead  with 
both  proposals,  but  that’s  not  an 
idea  that  many  like.  “Two  [physi¬ 
cal]  layers?  That’s  a  cop-out  be¬ 
cause  we  couldn’t  make  up  our 
minds,”  HP’s  Fidler  says. 

Heile,  a  veteran  of  IEEE  battles, 
seems  unruffled.'The  folks  on  the 
802.1  lg  [WLAN]  group  fought 
like  dogs  for  two  years,"  he  says. 
“We’ve  only  been  at  this  for  six 
months.  We’ve  got  a  ways  to  go.”B 
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Server  blades  engineered  to  work 
across  complex  computing  environments. 


HP  ProLiant  server  blades,  powered  by  Intel  Xeon™  processors,  are  designed  to  support  a  variety  of  robust  enterprise 
solutions,  including  SANs.  It  is  not  difficult  to  appreciate  the  architectural  excellence  of  the  new  HP  ProLiant  BL40p  and  BL20p  G2  server  blades, 
They're  the  most  powerful,  flexible,  industry-standard  blades  for  business  today.  In  addition  to  meeting  your  company's  expanding  needs  for  server  capacity, 
they're  designed  with  SAN  connectivity  to  support  sophisticated  storage  environments  — easily,  reliably  and  affordably.  Combined  with  HP  ProLiant  Essentials 
software,  they  can  dramatically  reduce  deployment  time  and  help  maximize  productivity.  Which  means,  of  course,  your  business  saves  money.  Demand  more 
from  your  IT  systems.  Integrate  HP  ProLiant  server  blades  into  your  environment.  And  carry  your  business  to  a  stronger,  more  cost-effective  place. 


I  HP  ProLiant  BL20p  G2 

I  Up  to  two  Intel®  Xeon™  processors  DP  3.20GHz 

I  Available  with  three  10/100/1000  NICs  and 
I  one  management  NIC  plus  dual  2Gb  fibre 
I  channel  mezzanine  card 

J  Up  to  8GB  DDR  memory 

!  Optional  Rapid  Deployment  Pack 
I  software  allows  for  quick  multi-server  deployment 


Complements  ProLiant 
server  blades 


HP  MODULAR  SMART 
ARRAY  1000 


ProLiant  servers  and  the  MSA1000 
have  been  engineered  to  work 
better  together.  To  safely  migrate 
data  in  a  SAN  environment,  simply 
remove  ProLiant  drives  and  insert 
them  into  the  MSA1000. 


invent 


Demand  more  with  HP  ProLiant  server  blades.  Download  IDC's  white  paper,  "Enabling  Business  Agility  Through 
Server  Blade  Technology"  at  www.hp.com/go/proliantl5  or  dial  1*800-282*6672,  option  5  and  mention  code  AKWY. 


Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©  2003  Hewlett-Packard  Development  Company,  L.P. 
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WLAN 

continued  from  page  1 

customers  discussing  migration 
strategies  as  “802.1  li-upgrade- 
able”  access  points  start  to  hit  the 
market  in  advance  of  the  stan¬ 
dard’s  completion. 

“This  is  a  huge  issue  right  now;” 
says  Jon  Allen,  coordinator  of  IT 
security  at  Baylor  University  in 
Waco,  Texas,  which  has  a  cam¬ 
puswide  WLAN  based  on  Enter- 
asys  Networks  gear.  “It’s  very  im¬ 
portant  that  with  limited  univers¬ 
ity  funds  we  not  get  dead-ended 
with  hardware.” 

Baylor  wants  to  expand  its 
WLAN  campus  network  and  still 
be  prepared  to  adopt  802.1  li 
security  as  soon  as  possible  after 
the  standard  is  approved.  The 
older  Enterasys  R2  model  of 
WLAN  equipment  that  Baylor 
uses  might  be  able  to  support 

802.1  li  through  a  swap-out  of 
radio  and  chipset,  but  it  might 
not.  Enterasys  “can’t  guarantee  it 
until  the  standard  is  set,”  Allen 
says. 

This  uncertainty  is  forcing  Bay¬ 
lor  into  a  wait-and-see  approach 
as  regards  802.1  li,  which  uses 
the  128-bit  government-sanc¬ 
tioned  Advanced  Encryption 
Standard  (AES),  approved  by  the 
National  Institute  of  Standards 
and  Technology  as  the  replace¬ 
ment  for  the  Digital  Encryption 
Standard. 

Vendor  warnings 

And  this  uncertainty  is  prompt¬ 
ing  vendors  —  which  don’t  want 
to  see  the  market  for  WLAN 
equipment  dry  up  as  everyone 
waits  on  the  finalization  of 

802.1  li  based  on  AES  —  to 
explain  their  migration  strate¬ 
gies. 

Enterasys  says  its  new  model 
AP  3000,  which  is  set  to  ship  next 
month,  will  be  based  on  more 
powerful  hardware  that  can 
operate  in  “dual-mode”  WPA/ 


More  online! 


Check  out  the  latest  roster  of  on-demand 
Webcasts  covering  network  management, 
security,  remote  access,  data  centers  and 
more!  All  Webcasts  offer  fully  searchable, 
clickable  agendas  24-7  from  your 
desktop. 
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WLAN  security 
advances 

Here’s  how  802.11i 
improves  upon  the  Wired 
Equivalent  Privacy  (WEP) 
and  Wi-Fi  Protected 
Access  (WPA)  protocols. 

•  40-bit  and  even  104-bit 
WEP  can  be  broken 
through  various  brute- 
force  attacks  to  determine 
the  WEP  key;  128-bit 
Advanced  Encryption 
Standard  in  802. 11i  is  not 
known  to  be  breakable. 

•  Flaws  in  WEP's  key¬ 
scheduling  algorithm  allow 
for  cracking  keys  and 
injecting  packets  into  WEP 
streams;  theTemporal  Key 
Integrity  Protocol  (TKIP) 
in  802. 11i  is  designed  to 
improve  key  management. 

•  WPA,  created  in  late  2002 
by  the  Wi-Fi  Alliance,  adds 
TKIP  to  WEP  as  an  interim 
fix  for  better  security  prior 
to  802.1 1  i  being  finalized. 


WEP  and  802.1  li  draft-compliant 
AES.“The  chipsets  of  the  older  R2 
were  never  made  to  support  the 
type  of  key  technology  in 

802.1  li,”  says  Jeff  Manning,  mar¬ 
keting  manager  for  wireless  at 
Enterasys. 

Cisco  and  Intel,  also  big  back¬ 
ers  of  802. Hi,  agree  that  the 
emerging  standard  will  require  a 
new  generation  of  WLAN  equip¬ 
ment  and  that  customers  need 
to  be  aware  of  that. 

“You  want  to  install  the  access 
point  once,  not  twice,”  says  Dun¬ 
can  Glendinning,  wireless  pro¬ 
gram  manager  for  Intel’s  mobile 
platforms  group.  “The  change  is 
the  AES  encryption,  which  takes 
a  lot  more  computing  power.” 

Intel  —  which  uses  WLANs  ex¬ 
tensively  and  is  struggling  with 
the  same  upgrade  questions  that 
Baylor  has  —  is  working  to  ens¬ 
ure  future  versions  of  its  Cen- 
trino  WLAN  hardware  are 
“802.1 11-upgradeable,”  Glendin¬ 
ning  says. 

Cisco  also  has  started  educat¬ 
ing  customers  on  its  802.1  li  pro¬ 
duct  plans. 

“On  the  access  point  side, 
you’ll  need  new  radios  or  a 
whole  new  access  point  for  good 
performance  for  802.1  li,”  says 
Chris  Bollinger,  product  manager 
for  Cisco’s  WLAN  business.  “And 
the  new  network  interface  cards 
will  also  have  AES  on  board.” 


Though  a  time  frame  has  not 
yet  been  announced,  Cisco 
plans  to  include  AES-based 
processors  in  the  Cisco  1000  and 
1200  WLAN  access  points  before 
the  802.1  li  standard  is  finalized. 
Cisco  will  provide  a  way  to  acti¬ 
vate  802.1  li  with  these  models 
once  the  standard  is  set.  “In  the 
Cisco  product  family,  you  could 
have  several  different  security 
schemes  on  one  access  point,” 
Bollinger  says. 

However,  for  customers  that 
spent  millions  of  dollars  on 
Cisco  WLAN  equipment  that  sup¬ 
ports  WEPAVPA  but  not  802.1  li, 
Cisco  wouldn’t  necessarily  ad¬ 
vise  swapping  it  all  out  for 

802.1  li,  especially  if  used  in 
retail  sales  or  warehouse  envi¬ 
ronments  where  worry  about 
WLAN  sniffing  and  cracking 
might  be  minimal. “If  the  highest 
level  of  support  is  WPA,”  Bol¬ 
linger  says, “that’s  not  bad.” 

As  802.1  li  gets  closer  to  being 
finalized,  testing  equipment  for 
interoperability  across  vendor 
lines  will  become  a  bigger  issue. 
The  Wi-Fi  Alliance  and  Tru- 
Secure’s  ICSA  Laboratory  are 
among  the  organizations  plan¬ 
ning  to  conduct  such  tests. 

PEAP  problems 

Even  if  802.1  li  turns  out  well 
this  year,  there  are  other  simmer¬ 
ing  WLAN  security  issues  that 
show  no  signs  of  cooling  down. 

Cisco  and  Microsoft  over  a  year 
ago  teamed  on  a  client/server- 
based  authentication  protocol 
called  PEAP  (see  www.nw 
fusion.com,  DocFinder:  9255). 
The  goal  was  to  include  PEAP  in 
WLAN  gear  as  well  as  client  soft¬ 
ware,  authentication  servers  and 
online  directories  where  an  end- 
to-end  authentication  protocol 
was  needed  to  approve  user 
access  to  a  WLAN.  Microsoft  and 
Cisco  submitted  the  work  done 
on  PEAP  to  the  Internet  Engin¬ 
eering  Task  Force,  hoping  it 
would  become  a  standard. 

However,  Cisco  and  Microsoft 
are  now  sharply  split  on  what 
PEAP  is  supposed  to  be,  with 
each  supporting  separate  ver¬ 
sions  but  confusing  customers 
by  still  calling  their  own  imple¬ 
mentations  PEAP 

“There  are  two  flavors  since 
Cisco  and  Microsoft  PEAP  haven’t 
come  together,”  says  Kevin  Walsh, 
director  of  product  management 
at  Funk  Software,  which  has 
endeavored  to  support  multiple 
WLAN  security  methods  in  its 
client/server  authentication  prod¬ 
ucts.  “The  Cisco  [PEAP]  client 
can’t  be  authenticated  by  the 
Microsoft  server  and  vice  versa.” 


“PEAR  when  it  first  came  out, 
everyone  said,  ‘This  is  it!’” 
Cisco’s  Bollinger  says.  “PEAP 
was  defined  in  a  fairly  flexible 
way.  It  works  much  like  your 
browser  when  you  go  to  a  Web 
page.  PEAP  uses  Secure  Sockets 
Layer  under  the  covers,  and  you 
can  encrypt  from  the  client  to 
the  server  and  then  authenti¬ 
cate.” 

But  the  flexibility  in  the  model 
allowed  for  variants  that  have 
split  Cisco  and  Microsoft  in  this 
area.  Microsoft  has  supported  its 
version  of  PEAP  in  Windows  XR 
Windows  2003  and  Active  Direc¬ 
tory  in  a  way  that  Cisco  terms  a 
“lock-in.” 


“It  works  great  for  Active  Direc¬ 
tory  and  NT  domains,  but  does¬ 
n’t  work  with  [Lightweight 
Directory  Access  Protocol],  No¬ 
vell  Directory,  SecurlD  or  one¬ 
time  passwords,”  Bollinger  says. 
“It  works  great  for  Microsoft  data¬ 
bases  and  nothing  else.” 

Cisco’s  version  is  broader, 
according  to  Bollinger.  With  its 
Microsoft  alliance  foundering, 
Cisco  has  turned  to  Funk,  Intel, 
MeetingHouse  Communications 
and  others  to  ensure  its  version  of 
PEAP  is  supported  in  client  soft¬ 
ware.  Cisco  also  still  supports  an 
older  proprietary  protocol,  Light¬ 
weight  Extensible  Authentication 
Protocol,  specific  to  its  own  WAP 
and  authentication  server. 

Microsoft  declined  to  provide  a 
spokesman  on  the  issue  of  PEAP 
but  did  answer  questions  via 
e-mail. 

“Both  companies  support  PEAP 
but  each  with  different  methods 
of  authentication,”  Microsoft 
wrote.  “In  comparing  Microsoft’s 
version  and  Cisco’s  version,  we 
believe  our  implementation 
offers  several  important  advan¬ 
tages.”  Among  these  would  be  a 
feature  Microsoft  calls  “fast  recon¬ 
nect,”  supposedly  a  speedier 
method  of  authentication. 

Microsoft’s  e-mail  also  said: 
“The  Cisco  approach  is  not  an 
open  standard  and  is  available 
only  from  Cisco  partners,  poten¬ 
tially  limiting  future  network 
infrastructure  choices  and 
potentially  leading  to  higher 
long-term  deployment  costs.” 

Meanwhile,  both  versions  of 
PEAP  languish  in  the  IETF  with¬ 
out  making  any  progress  as  a 
common  standard.  ■ 
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Minimize  costs.  Maximize  utilizati 


HP's  virtualization  solutions  simplify  storage  management  while  making  the  most  of  the  storage  you  already  have. 

Your  data  storage  needs  keep  expanding.  Your  budget  keeps  shrinking.  HP's  EVA3000  and  EVA5000  virtual  arrays  can  solve  both  problems.  They  let 
you  pool  your  storage,  so  it  can  be  instantly  assigned  wherever,  whenever  and  in  whatever  amount  it's  needed.  Efficiency  doesn't  come  at  the  expense 
of  complexity  either,  thanks  to  an  intuitive  Web  interface.  And  HP  is  the  only  company  that  offers  host,  network  and  array-based  virtualization  solutions. 
Lower  costs.  Higher  utilization  of  your  assets.  It's  a  virtual  no-brainer. 


I  HP  StorageWorks  EVA5000 

|  Dual  ported  2GB  FC-AL  channels 

■  1024MB  cache  per  controller 

■  VraidO,  Vraidl  and  Vraid5  RAID  support 
|  Up  to  35TB  (with  146GB  disks) 

■  Redundant  cache  and  controllers 
>  VCS  software  for  HSV1 10 


invent 


Demand  more  efficiency.  Download  ZDNet's  whitepaper  "Doing  More  with  Less  with  HP  StorageWorks  EVA5000  or 
HP  StorageWorks  EVA3000"  atwww.hp.com/go/storage7  or  dial  1-800-282-6672,  option  5  and  mention  code  AKWF. 


©  2003  Hewlett- Packard  Development  Company,  L.P. 


^  BY  NOON,  THE  IT  DEPARTMENT  WILL  BE 
ALERTED  TO  750  DIFFERENT  PROBLEMS. 

i ft  i./  .  ;•  -  I  •  ' 


ONE  OF  THEM  WILL  LOSE  115 
ONLINE  RESERVATIONS  A  MINUTE 


©  2003  BMC  Software  Inc. 


CAN  YOUR  SOFTWARE  TELL  YOU  WHICH  ONE? 


Business  Service  Management  solutions  from  BMC  Software® 
can.  They  automatically  prioritize  IT  management  issues 
according  to  business  importance  and  alert  you  before 
potential  problems  can  impact  performance.  They  also  let 
you  prioritize  IT  investments  and  resource  allocations  to 
optimize  your  business  results.  So  you  can  solidly  align  your 
IT  investments  with  strategic  business  goals.  And  protect 


the  delivery  of  vital  business  services  like  online  transactions, 
sales,  customer  service,  logistics  and  distribution — whatever 
is  most  critical  to  your  company's  success.  It's  enterprise 
management  software  that  works  with  your  existing  IT 
resources  to  let  you  manage  what  matters  from  a  business 
perspective  and  execute  with  precision.  Find  out  how  at 
www.bmc.com/bsm33 


<bmcsoftware 
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C&W  service  termination  rankles  customers 


■  BY  DENISE  PAPPALARDO 

Cable  &  Wireless  America  is 
giving  customers  reason  for  con¬ 
cern  yet  again  as  it  tries  to 
reduce  its  network  size  and  drop 
customers. 

The  service  provider  —  which 
filed  for  bankruptcy  a  month  ago 
—  is  in  the  process  of  reducing  its 
customer  base  by  about  400  in  1 1 
cities  (see  graphic).  As  of  last 
month,  the  company  said  it  had 
5,000  customers. 

This  is  the  latest  in  a  series  of 
reorganizations,  management 
changes  and  service  discontinu¬ 
ances  the  financially  strapped 
company  started  18  months  ago. 
C&W  says  the  latest  cuts  are  a 
result  of  its  effort  to  focus  on  Web 
hosting  and  IP  services. 

C&W  notified  customers  by 
mail  last  month  that  they  had  60 
days  to  find  another  service 
provider  or  be  cut  off  by  Feb.  13. 

“When  they’re  cutting  off  your 
service  they  should  also  send 
e-mails  to  be  sure  customers 
know  as  soon  as  possible,”  says 
one  IT  manager  in  Cleveland 
who  asked  to  remain  anony¬ 
mous.  Instead,  this  user  scram¬ 
bled  one  week  before  Christmas 
to  find  another  carrier  that  could 
support  a  quick  cutover. 

“We  just  renewed  our  contract 
after  we  were  assured  [C&W] 
wasn’t  going  to  pull  the  plug.  We 


shouldn’t  have  renewed,”  he  says. 

Meanwhile,  C&W’s  message  to 
customers  is  ambiguous  and 
confusing.  Although  the  letter 
says  IP  services  will  be  discontin¬ 
ued  in  the  1 1  cities,  a  C&W  exec¬ 
utive  says  that’s  not  the  case. 

“We  have  multiple  nodes  in 
Santa  Clara. We  are  shutting  down 
one  of  those  nodes,”  says  Xindi 
Wu,  vice  president  of  product 
management  at  C&W  America. 
“We’re  shutting  down  11  nodes.” 
But  in  cities  such  as  Austin, Texas, 
and  Cleveland,  where  C&W  only 
has  one  node,  customers  are  left 
in  the  lurch. 

“This  was  disappointing,”  says 
Brownlee  Thomas,  an  analyst  at 
Forrester  Research.  Although 
some  users  should  not  have 
been  surprised, C&W  didn’t  drop 
customers  as  thoughtfully  as  it 
should  have,  she  says. 

Some  customers  that  buy  com¬ 
plex  Web  hosting  lost  dedicated 
Internet  access  in  some  of  these 
cities,  she  says.  “That’s  just  not 
smart,”  she  says. 

The  company  says  its  decision 
to  turn  off  nodes  and  drop  cus¬ 
tomers  was  made  before  it  filed 
for  bankruptcy 

“Has  Cable  &  Wireless  further 
lost  creditability?  Well,  this  cer¬ 
tainly  doesn’t  help, ’’Thomas  says. 

While  the  service  provider  has 
been  looking  for  ways  to  elimi¬ 
nate  unprofitable  nodes  and.ulti¬ 


End  of  the  line 

Cable  &  Wireless  America  sent  this  letter  to  about  400 
customers  notifying  them  that  their  IP  service  will  be  cut 
off  in  60  days. 

I  Dec.  13, 2003 

Dear  Customer, 

Cable  &  Wireless  America  remains  committed  to  providing  excep¬ 
tional  value  to  the  US  marketplace,  and  we  are  continuing  to  evalu¬ 
ate  our  product  &  service  offerings  and  network  infrastructure  in 
order  to  deliverthe  highest-quality  services  to  ourcustomers. 

As  you  may  be  aware,  certain  of  the  Cable  &  Wireless  America  enti- 

I I  ties  filed  voluntary  petitions  for  bankruptcy  on  Dec.  8, 2003.  This  dis¬ 
connect  notice  is  not  being  issued  as  a  result  of  the  bankruptcy  filing. 
Rather,  the  company  is  continuing  to  operate  in  the  ordinary  course  of 
business  during  its  bankruptcy. 

Based  on  this  ongoing  evaluation,  we  are  consolidating  our  network  to 
focus  on  Hosting  and  IP  Solutions.  While  we  continue  to  invest  in  flex¬ 
ible  and  secure  IP  connectivity  and  networking  services,  as  well  as  our 
secure  infrastructure,  we  are  discontinuing  IP  services  in  the  following 
locations  in  the  US: 

Austin,  TX  Kansas  City,  KA  Orlando,  FL  San  Antonio,  TX 


mately,  customers,  it  also  is  trying 
to  significantly  reduce  the  size  of 
its  network. 

The  company  wants  to  shut  off 
5,099  circuits  on  its  national  net¬ 
work,  according  to  documents 


filed  with  the  U.S.  Bankruptcy 
Court  for  the  District  of  Delaware. 
C&W  leases  these  circuits  from 
several  carriers,  including  AT&T, 
MCI  and  SBC. 

If  the  court  approves  the  ser¬ 


vice  provider’s  request,  C&W  will 
nearly  cut  its  network  in  half. The 
service  provider’s  backbone  con¬ 
sists  of  just  over  12,000  circuits 
today 

C&W  calls  these  5,099  circuits 
“inactive”  and  says  it  will  reduce 
its  monthly  expenses  by  $1.8 
million  per  month  if  it  can  elim¬ 
inate  these  lines.  The  court  is 
expected  to  rule  on  the  service 
provider’s  request  at  the  end  of 
the  week. 

The  company  is  trying  to  focus 
on  high-end  and  complex  Web 
hosting  and  get  rid  of  much  of  its 
unused  capacity“It’s  trying  to  be¬ 
come  profitable,”  Thomas  says. 

Dropping  these  circuits  will  not 
affect  customers,  Wu  says.  Ac¬ 
cording  to  Wu,  they  do  not  carry 
user  traffic.  If  that’s  the  case, 
C&W  has  a  significant  amount  of 
overcapacity 

Overcapacity  contributed  to  the 
company’s  current  financial  con¬ 
dition.  In  early  December,  C&W 
struck  a  deal  with  Gores  Technol¬ 
ogy  and  then  filed  for  bankruptcy 
as  part  of  that  deal. 

Gores  is  trying  to  buy  C&W 
America  for  $125  million.  But 
first  the  service  provider’s  assets 
will  be  auctioned  at  the  end  of 
the  month  to  see  if  any  other 
buyers  are  willing  to  pay  more. 
Gores  and  C&W  say  they  expect 
the  deal  to  move  forward  and 
conclude  by  early  February  ■ 


Alumni 

continued  from  page  1 

modem, ’’said  Abraham, shaking  his  head  and  pointing  to  a 
full-blown  Ethermodem  on  a  nearby  memorabilia  table 
covered  with  mugs,  photo  albums  and  other  tchotchkes. 

Chipcom  is  one  of  many  former  network  industry  stars 
that  lives  on  through  an  active  alumni  group.  Others,  from 
Alteon  to  Digital  Equipment  to  Netscape,  do  the  same. 
Groups  also  exist  for  companies  that  are  still  around, such 
as  Lucent,  that  might  have  shed  many  employees  over  the 
years  by  one  means  or  another. 

The  groups  help  keep  former  colleagues  and  friends  in 
touch.  On  the  Netscape  alumni  site,  many  former  co¬ 
workers  are  still  issuing  salutes  to  a  company  that  —  as 
Mike  (employee  No.  335)  put  it,  “changed  the  world.” 
Others  are  still  griping  about  how  Microsoft  or  Sun  or 
AOL  ruined  Netscape  and  turned  working  there  into, well, 
work.  “I’m  tired  . . .  tired  of  dragging  myself  to  ‘work’  and 
dealing  with  the  daily  corporate  drudgery  wrote  one 
alum  recently. 

Aleks  Totic,  an  early  Netscape  developer  who  started 
the  site  in  1998,  says  it  gets  about  20,000  hits  each  month 
and  that  1 ,000  people  have  added  their  entry  information 
on  the  site.That's  impressive  considering  that  we’ve  only 
had  3,000  alumni,”  he  says.Traffic  spikes  when  Netscape’s 
Mozilla  open  source  development  offshoot  makes  news 
or  when  there  are  layoffs  at  what’s  left  of  Netscape  within 
AOL,  which  bought  the  company  in  1999. 


Like  these  Netscape  alums,  former  Chipcom  employee 
Mlinarsky  has  clearly  not  forgotten  her  roots.  She  now 
heads  a  wireless  network  start-up  called  Azimuth  that 
boasts  a  board  of  directors  featuring  former  Chipcom  CEO 
Rob  Held  and  a  board  of  advisors  including  Abraham, 
Chipcom’s  fourth  employee  and  now  the  head  of  40G 
bit/sec  optical  network  company  Mintera.  What’s  more, 
Ilan  Carmi,  former  vice  president  of  engineering  at 
Chipcom,  is  the  company’s  lead  venture  capitalist  and  a 
board  member. 

Held  says  one  reason  former  Chipcom  employees  — 
some  of  whom  refer  to  themselves  as  “Chippers”  and  their 
parties  as  “Chipcom  proms” —  continue  to  stay  in  touch  is 
that  the  company  was  really  brought  together  during  an 
18-month  period  when  it  was  without  a  CEO. 

“People  got  used  to  making  compromises  across  depart¬ 
ments,”  he  says.“It  fostered  a  lot  of  trust  among  people  and 
that  never  went  away” 

Another  former  network  equipment  maker,  Alteon  of 
Jumbo  Frames  fame,  also  lives  on  via  an  alumni  group 
even  though  Nortel  consumed  the  company  roughly  three 
years  ago.  One  ex-Alteon  employee  who  asked  not  to  be 
named  says  Nortel’s  “dismemberment”  of  Alteon  drew  him 
and  his  former  colleagues  ever  closer  together,  partly  to 
stay  in  touch,  partly  to  rip  former  Nortel’s  management 
team. 

The  Alteon  alumni  site  was  launched 
by  Dan  Tuchler,  now  a  consultant,  and  a 
former  colleague  who  registered  a 


domain  name  (see  www.nwfusion.com,  DocFinder: 
9260)  for  alums  a  few  months  after  leaving  Nortel  but  did¬ 
n’t  quite  know  what  to  do  with  it.  “We  thought  it  might 
serve  as  a  way  to  give  people  free  e-mail  accounts,” 
Tuchler  says. 

Now  the  site  serves  to  alert  alumni  to  reunion  events,  at 
which  tequila  shots  are  commemorated  in  online  photos, 
and  keeps  them  up  to  date  on  which  Alteon  products  are 
selling  on  eBay  And  where  else  can  you  find  the  notori¬ 
ous  “Ad  we  never  used,”  which  features  a  picture  of  a  baby 
staring  at  a  mother’s  breast  and  includes  the  words:  “Did 
you  ever  think  you  could  be  this  happy  again?” 

Perhaps  the  granddaddy  of  network  industry  alumni  sites 
is  Digital  Equipments,  which  launched  in  1993,  years  be¬ 
fore  Compaq  snapped  up  the  struggling  computer  maker. 

The  site  is  actually  a  for-profit  organization  that  features 
ads  and  sells  merchandise  such  as  sweatshirts. 

“It’s  not  a  huge  money  maker;  we  just  raise  enough  to 
stay  alive,”  says  Peter  Koch,  a  25-year  Digital  veteran  who 
now  runs  the  site.  He  says  there  are  7,000  alums  in  the  site’s 
database,  with  roughly  one-third  of  them  active  at  any  time. 

Koch  says  he  gets  inspiration  to  stick  with  the  effort 
given  the  closeness  of  the  Digital  community,  which  still 
rallies  in  the  hundreds  for  holiday  and  other  reunion  par¬ 
ties  around  the  world.  “[Founder]  Ken  Olsen  established 
a  culture  in  which  people  were  given  big  responsibilities 
and  were  held  accountable.  People  don’t  for¬ 
get  that  sort  of  thing,  even  this  many  years 
later,”  he  says.W 
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INFORMATION 
LIFECYCLE 
MANAGEMENT  IS: 

a  strategy  that  uses 
people,  processes  and 
technology  to  store  and 
tap  critical  business 
data  throughout  its 
lifespan  of  value. 


IN  THIS  EDITION: 

Pressured  to  better 
manage  information 
assets,  companies  today 
need  an  overarching 
plan  to  prioritize  busi¬ 
ness  information  based 
on  its  value  to  the 
enterprise.  Many  are 
turning  to  a  new  con¬ 
cept  called  Information 
Lifecycle  Management 
as  an  innovative,  end- 
to-end  solution. 


Making  the  Case  for 
Information  Lifecycle  Management 


MAKE  NO  MISTAKE:  using  information 
wisely  can  make  or  break  your  company. 

Once  a  supporting  player  in  the 
creation  of  goods  and  services,  infor¬ 
mation  today  is  the  star  of  the  show, 
acting  as  the  linchpin  to  success  for 
enterprises  worldwide.  And  as  the 
latest  business  applications  provide 
new  methods  of  organizing  and 
managing  information,  innovative 
companies  worldwide  have  placed 
the  strategic  use  of  information  at 
the  heart  of  their  business  models. 
These  companies  realize  that  if  man¬ 
aged  wisely,  corporate  information 
can  yield  rich  nuggets  of  insight  to 
help  them  create  additional  revenue 
streams  and  enhance  existing  lines  of 
business. 


“The  ability  to  use  and  leverage 
information  as  a  company  to  drive 
additional  business  is  critical,”  says 
Mark  Lewis,  chief  technology  officer 
at  EMC,  based  in  Hopkinton,  Mass. 
“For  many  companies,  smart  use  of 
information  has  truly  become  a  dif¬ 
ferentiator,  particularly  as  technolo¬ 
gy  provides  company  wide  access.” 

But  knowing  that  information  is  a 
vital  strategic  tool  and  being  able  to 
fully  wield  that  tool  are  two  different 
things.  Business  leaders  may  realize 
that  they  are  sitting  on  a  gold  mine 
of  knowledge,  but  they  remain  frus¬ 
trated  by  their  inability  to  harness 
the  power  of  information.  For  many, 
the  solution  is  taking  the  form  of 
Information  Lifecycle  Management. 
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OVERVIEW 


Managing 
information  wisely 
means  finding  a 
way  to  link  and 
analyze  the 
data  that  lies  in 
disparate 

applications  across 
the  enterprise. 

“Information 
is  much  more 
interrelated, 
and  people 
are  more 
interested 
in  that 

interrelation.” 

— Ron  Williams, 
senior  manager  at 
Earthlink 


CHALLENGES  TO  INFORMATION 
MANAGEMENT 

There  are  a  number  of  obstacles  in  the 
path  of  executives  who  seek  to  create  and 
exploit  an  integrated  flow  of  information 
throughout  their  companies.  Among  the 
challenges: 

Explosive  Information  Growth.  The  vast 
majority  of  business  information  is  online 
now,  fueling  explosive  growth  in  the  infra¬ 
structure  that  supports  it.  “I’m  constantly 
hearing  about  how  much  information  is 
growing  as  IT  is  integrated  into  the  business 
process,”  says  Mike  Fisch,  director  of  stor¬ 
age  and  networks  at  The  Clipper  Group,  a 
consultancy  based  in  Wellesley,  Mass.  Data 
reside  in  a  variety  of  formats — the  unstruc¬ 
tured  data  found  in  emails  and  Word  files, 
the  structured  information  of  databases  and 
transactional  applications — but  tying 
together  these  disparate  sources  of  informa- 


SEVEN  DEADLY  SPEEDBUMPS 

Here  are  the  top  7  challenges  to  effective 
information  management: 

•  Explosive  Information  Growth 

•  Cost  Constraints 

•  Information’s  Strategic  Value 

•  Perceived  Strategic  Value 

•  Regulatory  Issues 

•  Fluid  Nature  of  Information 

•  Perceived  Business  Value 


GROWTH  STORAGE  CAPACITY 
FOR  COMPLIANT  RECORDS 


The  capacity  of  compliant  records  will  increase 
from  376PB  in  2003  to  1 ,644PB  in  2006, 
representing  a  CAGR  of  64% 
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SOURCE:  ENTERPRISE  STORAGE  GROUP, 
COMPLIANCE  STUDY,  MAY  2003 


The  need  to  meet  compliance  requirements  will 
continue  to  grow,  requiring  methodologies  and 
technologies  to  understand  the  value  of  infor¬ 
mation  and  how  to  manage  it  accordingly. 


tion  is  a  complex  challenge.  “Information  is 
much  more  interrelated,  and  people  are 
more  interested  in  that  interrelation,”  says 
Ron  Williams,  a  senior  manager  at 
Earthlink,  a  $1.3  billion  Internet  services 
provider  based  in  Atlanta. 

What’s  more,  the  growth  of  electronic 
data  has  spawned  a  whole  new  category 
of  metadata:  information  about  the  data 
itself,  such  as  who  created  it,  who 
accessed  it,  where  it’s  been  and  who’s 
changed  it.  “It’s  an  exponential  feedback 
loop,”  says  Williams. 

Cost  Constraints.  Face  it:  companies 
have  the  difficult  task  of  growing  their 
informational  infrastructure  in  a  frugal  cli- 


WORLDWIDE  PRODUCTION  OF  ORIGINAL  INFORMATION 

(If  stored  digitally,  in  terabytes  circa  2002) 

2002  2002 

Terabytes  Terabytes  1999-2000  1999-2000  %  Change 


Storage  Medium 

Upper 

Estimate 

Lower 

Estimate 

Upper 

Estimate 

Lower 

Estimate 

Upper 

Estimates 

Paper 

1,634 

327 

1,200 

240 

36% 

Film 

420,254 

76,69 

431 ,690 

58,209 

-3% 

Magnetic 

4,999,230 

3,416,230 

2,779,760 

2,073,760 

80% 

Optical 

103 

51 

81 

29 

28% 

TOTAL: 

5,421,221 

3,416,281 

3,212,731 

2,132,238 

69% 

Upper  estimates  assume  information  is  digitally  scanned,  lower  estimates  assume  digital  content  has  been  compressed. 

SOURCE:  “HOW  MUCH  INFORMATION?  2003,”  SCHOOL  OF  INFORMATION  MANAGEMENT  AND  SYSTEMS,  UNIVERSITY  OF  CALIFORNIA  AT  BERKELEY 
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mate.  Budgets  are  flat  or  rising  just  slightly, 
and  CIOs  are  under  severe  pressure  to  drive 
every  possible  penny  from  their  spending 
plans.  “The  ability  to  manage  data  costs  is 
super  critical,”  Williams  says.  Merely  plan¬ 
ning  for  growth  can  take  up  a  hefty  chunk 
of  technical  resources. 

Information’s  Strategic  Value.  Cost  and 
planning  issues  will  not  stem  the  relentless 
demand  for  better  access  to  information. 
Businesses  have  grasped  the  undeniable 
strategic  value  of  information  and  want 
that  knowledge  available  in  a  seamless 
fashion.  Bottom  line:  the  access,  availabili¬ 
ty  and  protection  of  mission-critical  infor¬ 
mation  are  of  vital  importance. 

Regulatory  Issues.  New  government  reg¬ 
ulations  such  as  Sarbanes-Oxley  and  the 
Health  Information  Portability  and 
Accountability  Act  are  throwing  new  wrin¬ 
kles  into  the  management  of  data,  as  com¬ 
panies  face  the  risk  of  fines  and  legal  action 
for  noncompliance.  “Regulations  such 
as  Sarbanes-Oxley  are  driving  the  need  to 
be  able  to  prove  where  data  went  [and] 
who  accessed  it,  and  then  be  able  to  bring 
it  back  to  the  state  where  it  was  last 
accessed,”  Williams  explains. 

As  data  become  more  interrelated, 
application-specific  solutions  to  regulato¬ 
ry  compliance  won’t  get  the  job  done, 
says  Mike  Kahn,  managing  director  of 
The  Clipper  Group.  “The  problem  is 
multi-application,  as  records  can  be  in 
specific  applications  as  well  as  in  places 
like  email.” 

The  Fluid  Nature  Of  Information. 

Information  holds  different  business  values 
over  the  course  of  its  life  and  must  be  man¬ 
aged  accordingly.  This  means  that  compa¬ 
nies  need  to  create  processes  that  allow 
information  to  move  about  freely,  as  need¬ 
ed.  “Information  doesn’t  just  move  down  in 
value,”  explains  Steve  Kenniston,  a  technol¬ 
ogy  analyst  with  Enterprise  Storage  Group, 
in  Milford,  Mass.  “Policies  should  dictate 
that  data  move  up  and  down  the  storage 
food  chain  as  business  needs  dictate.” 

At  Earthlink,  for  example,  Williams  is 
building  a  tiered  storage  platform  based  on 
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Information  Lifecycle  Management  addresses 
many  of  the  key  challenges  Senior  IT  executives 
believe  they  will  face  in  2004. 


“CIOs  need  to 
set  up 

management 
policies  that 
align  with  the 
value  of 
information. 

Cradle  to 
grave,  it’s  a 
complex 
thing.” 


EMC  technologies.  “What  EMC  has  been 
doing  for  a  while  is  building  the  ability  to 
move  data  that  we  need  to  access  faster  to 
storage  that  can  deliver  it  faster  and  help 
migrate  information,”  he  says. 

The  Business  Value  Of  Information. 
Understanding  the  value  of  information  is 
at  the  heart  of  managing  information,  and 
that  requires  some  forethought  on  the  part 
of  both  the  CIO  and  his  line  of  business 


— Steve  Kenniston, 
technology  analyst, 
Enterprise  Storage  Group 


5  ELEMENTS  OF  AN  INFORMATION  LIFECYCLE 
MANAGEMENT  STRATEGY 

According  to  industry  experts,  a  successful  Information  Lifecycle 

Management  strategy  must  be: 

•  Business-centric:  This  means  that  IT  and  business  need  to  work 
together  to  align  with  key  processess,  applications  and  business  ini¬ 
tiatives. 

•  Policy-based:  New  government  regulations  like  Sarbanes- 
Oxley  and  HIPAA  mandate  how  long  data  must  be  retained,  when 
it  may  be  deleted  and  who  has  access  to  it — all  perfect  candidates 
for  policy-driven  automation.  CIOs  should  tie  information  polices 
to  automated  tools  that  ensure  policy  enforcement. 

•  Centrally  managed:  To  provide  an  integrated  view  of  all  of  the 
business’s  information  assets,  both  structured  and  unstructured, 
Information  Lifecycle  Management  must  he  centrally  managed. 

•  Heterogeneous:  To  operate  throughout  the  entire  enterprise, 
Information  Lifecycle  Management  strategies  must  encompass  all 
types  of  platforms  and  operating  systems. 

•  Aligned  with  the  value  of  data:  A  key  aspect  of  Information 
Lifecycle  Management  is  the  ability  to  match  storage  resources  to 
the  value  of  business  data  at  any  given  point  in  time.  Once  classi¬ 
fied,  Information  Lifecycle  Management  matches  infrastructure  to 
the  value  of  the  data. 
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OVERVIEW 


IMPLEMENTING  INFORMATION  LIFECYCLE 
MANAGEMENT 

To  understand  how  Information  Lifecycle  Management  can  work  in 
real  life,  consider  how  information  moves  through  the  supply  chain: 

•  Company  XYZ  receives  an  order  for  a  new  widget.  Immediately 
automated  tools  tag  the  data  according  to  preset,  business-driven 
data  policies,  enabling  the  company  to  track  and  manage  the  infor¬ 
mation  throughout  its  lifecycle. 

•  The  data  value  at  creation  is  high,  as  it  remains  during  order 
processing,  where  many  people  access  and  use  it  to  fill  and  ship 
product  orders. 

•  After  the  order  is  shipped,  the  informational  value  drops, 
prompting  Information  Lifecycle  Management  tools  to  automat¬ 
ically  migrate  the  data  from  a  high-performance  tier  of  storage 
to  a  lower  cost  level  that  takes  longer  to  access. 

•  However,  if  the  customer  calls  in  with  a  claim  about  a  year  into 
the  two-year  warranty,  for  example,  the  Information  Lifecycle 
Management  tools,  once  again  managed  by  value-driven  policies, 
pull  the  product  data  back  to  a  high  level  of  storage  so  that  cus¬ 
tomer  service  representatives  and  technical  personnel  can  readily 
draw  on  it. 

•  When  the  warranty  runs  out,  Information  Lifecycle  Management 
tools  recognize  the  policies  pertaining  to  the  tagged  data  and  auto¬ 
matically  delete  the  information,  thus  closing  out  the  lifecycle. 


QUESTIONS  ABOUT 
INFORMATION 
LIFECYCLE 
MANAGEMENT? 

If  you’ve  got  any  burning 
questions  about 
Information  Lifecycle 
Management — and  how 
you  can  begin 
implementing  such  a 
strategy — send  them  to 
ilm_questions@emc.com. 
We’ll  answer  the  most 
frequently  asked 
questions  later  in 
this  series. 


peers.  If  companies  want  to  manage  infor¬ 
mation — and  get  it  to  where  it  needs  to  be 
in  an  automated  format — they  must  first 
analyze  and  prioritize  the  business  value 
that  underlies  the  data. 

“CIOs  need  to  set  up  management  poli¬ 
cies  that  align  with  the  value  of  informa¬ 
tion,”  agrees  Kenniston.  “Cradle  to  grave, 
it’s  a  complex  thing.” 

BUILDING  AN  INFORMATION 
LIFECYCLE  MANAGEMENT 
STRATEGY 

Information  Lifecycle  Management  is  not 
a  product  but  rather  an  innovative 
method  of  harnessing  informational 
chaos.  “Information  Lifecycle  Manage¬ 
ment  is  a  strategy,  and  one  that  encom¬ 
passes  people,  processes  and  technology,” 
says  Kenniston.  Done  right,  Information 
Lifecycle  Management  is  proactive  and 
dynamic,  and  helps  companies  plan  IT 
growth  to  match  their  anticipated  needs. 

“Information  Lifecycle  Management 
is  the  ability  to  provide  companies  with 


universal  access  to  information — the 
right  information — and  the  most  up-to- 
date  and  logical  version  across  the  enter¬ 
prise,”  says  Tanuja  Randery,  vice  president 
for  global  strategic  initiatives  at  EMC.  “If 
companies  want  to  access  and  use  infor¬ 
mation  to  their  business  advantage,  the 
only  way  they  can  do  that  is  to  have  a 
universal,  unified  approach  to  both 
viewing  and  access.” 

At  this  early  stage,  industry  experts  are 
painting  the  picture  of  what  Information 
Lifecycle  Management  looks  like. 
“Information  Lifecycle  Management  is  a 
vision,  but  it’s  also  a  practical  reality  for 
the  future,”  says  The  Clipper  Group’s 
Fisch.  [See  “5  Elements  of  an  Information 
Lifecycle  Management  Strategy,”  p.  3.] 

Yet  Information  Lifecycle  Manage¬ 
ment  is  not  something  that  can  be  imple¬ 
mented  off  the  shelf,  nor  is  it  one-size-fits- 
all.  CIOs  must  closely  examine  their  orga¬ 
nizational  needs  and  craft  a  strategy  that 
best  fits  their  company.  A  big  task,  per¬ 
haps,  but  Information  Lifecycle  Manage¬ 
ment  can — and  should — be  implemented 
in  stages  that  greatly  simplify  the  task. 
For  example,  customers  can  start  by  first 
migrating  to  an  automated  networked 
storage  environment  with  tiers  of  storage 
to  deliver  varying  price  points  and  capa¬ 
bilities,  then  implementing  data  classifica¬ 
tion  and  management  policies  for  key 
applications  such  as  enterprise  resource 
planning.  In  the  end,  by  evolving  to  an 
enterprise-wide  platform,  corporations 
can  manage  corporate  information  across 
the  entire  enterprise. 


NEXT:  In  the  next  part  of  this  series, 
we’ll  explore  information  protection 
and  recovery. 


jg  FOR  MORE  INFORMATION 

where  information  lives  Visit  WWW.emC.COm/ilm 

for  an  in-depth  look  at  Information  Lifecycle 
Management  products,  services  and  strategies. 
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■  Novell  last  week  announced  that  its 
Ximian  Desktop  software  now  sup¬ 
ports  SuSe  Linux  Ximian  Desktop 
2,  a  product  Novell  acquired  with  its 
acquisition  of  Ximian  last  August,  is 
based  on  the  open  source  GNOME 
project  and  lets  users  deploy  a  Linux 
desktop  in  a  mixed  Linux/Windows 
environment.  The  new  version  also 
supports  SuSe's  Linux  Desktop  and 
includes  OpenOffice,  the  GAIM 
instant-messaging  client  and  Ximian 
Red  Carpet  configuration  manage¬ 
ment  software.  The  software  includes 
a  Web  browser  and  browser  plug-ins. 
Ximian  Desktop  2  can  be  freely  down¬ 
loaded.  A  version  of  the  software, 
which  includes  technical  support, 
automated  software  updates,  Java 
support,  additional  fonts  and  content 
plug-ins,  is  $100. 

■  Dantz  Development  has  enhanced 
its  back-up  and  restore  software  for 
Macintosh  computers  with  the  addi¬ 
tion  of  support  for  Mac  G4  and  G5 
computers  running  Mac  OS  X  "Pan¬ 
ther,"  Apple’s  latest  operating  system 
for  Macintosh  computers.  Retro¬ 
spect  6.0  also  now  protects  Apple’s 
Xserve  RAID  storage  devices  and 
SCSI  and  Fibre  Channel  tape  libraries. 
There  now  is  no  limit  to  the  size  of  vol¬ 
umes  that  can  be  backed  up,  and 
backups  to  disk  can  span  multiple 
FireWire  or  USB  hard  drives.  The  new 
version  of  Retrospect  also  supports 
tape  libraries  with  more  than  128  dri¬ 
ves.  Retrospect  6.0  is  expected  to  be 
available  this  month  for  $799  for  100 
network  clients  and  servers. 

■  Apple  last  week  introduced  a  new 
RAID  array  that  will  let  users  store  as 
much  as  3.5T  bytes  of  data.  The 
Xserve  RAID  storage  system  is 

contained  in  a  3U-high  chassis  and 
has  14  Advanced  Technology  Attach¬ 
ment  drivers.  It  also  supports  Win¬ 
dows  and  Linux  environments.  The 
Xserve  RAID  subsystem  connects  to 
any  Xserve  or  Power  Mac  using  a  2G 
byte/sec  Fibre  Channel  PCI  adapter, 
which  Apple  sells  for  $499.  The  RAID 
subsystem  starts  at  $6,000  for  IT 
byte  of  storage  capacity. 


3Com  upgrades  flagship  switch 

Switch  7700  improvements  include  redundancy,  software  security  features. 

■  BY  PHIL  HOCHMUTH 


Backup  for  backup 


3Com’s  Switch  7700R  has  the  ability  to  provide  subsecond  failover  inside 
the  box,  and  failover  to  another  device. 


Primary 


Backup 
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Redundant  management  modules  let  the  switch  fail 
over  to  a  back-up  module  in  less  than  a  second. 


Virtual  Router  Redundancy  Protocol 
support  lets  a  master  Switch  7700R 
fail  over  traffic  to  a  back-up  switch 
without  disrupting  network  services. 
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3Com  this  week  is  expected  to  launch  a 
version  of  its  enterprise  backbone  switch 
offering  users  redundant  hardware  and 
new  security  software  features. 

The  Switch  7700R  will  include  the  option 
for  installing  dual  redundant  management 
modules,  which  will  let  the  box  fail  over 
from  one  module  to  another  in  less  than  1 
second,  according  to  the  company  This 
capability  is  a  key  feature  for  deploying 
high-availability  LANs  and  data  centers,  ex¬ 
perts  say  Meanwhile  analysts  say  the  new 
capability  gives  3Com  a  truly  competitive 
offering  for  large  corporations. 

The  Switch  7700,  announced  last  June,  is 
a  seven-slot,  chassis-based  switch  that  sup¬ 
ports  up  to  96  Gigabit  Ethernet  ports  and 
includes  redundant  power  supplies. 
Missing  was  the  important  feature  of  man¬ 
agement/switch  fabric  module  failover, 
analysts  say  The  7700R  adds  another  slot  to 
the  original  box,  with  seventh  and  eighth 
slots  for  redundant  management  blades. 
The  redundant  management  modules  run 
actively  in  parallel. 

Previously,  the  only  high-availability  con¬ 
figurations  for  the  Switch  7700  was  to 
install  primary  and  back-up  Switch  7700 


chassis  using  Virtual  Redundant  Routing 
Protocol  (VRRP),a  router  mirroring  proto¬ 
col  that  can  take  up  to  10  seconds  to  re 
establish  services  during  a  failover. 

The  Switch  7700R  is  being  deployed  at 
Prudential  Northwest  Properties,  a  real 
estate  company  with  19  offices  around  the 
Portland,  Ore.  area.  It  will  act  as  the  corpe 


rate  backbone,  plugging  in  all  corporate 
resources,  including  3Com’s  VCX  IP  PBX 
and  unified  messaging  servers. 

Having  a  backbone  with  dual,  redundant 
switch  fabrics  was  a  key  feature,  says  Sean 
McCrae,  CIO  for  Prudential  Northwest 
Properties. 

See  3Com,  page  18 


Alcatel  beefs  up  switch  mgmt  pack 


■  BY  PHIL  HOCHMUTH 

Alcatel  this  week  is  expected  to  release  a 
version  of  its  switch  management  software 
that  promises  to  make  managing  network 
devices  more  flexible, secure  and  efficient. 

The  new  version  of  Alcatel’s  OmniVista 
software  product  includes  OneTouch  capa¬ 
bilities  for  adding  complex  security  polices 
and  network  configuration  settings  with  a 
few  mouse  clicks.The  software  also  can  be 
used  with  non-Alcatel  switches,  the  com¬ 
pany  says. 

The  new  features  in  OmniVista  are  bro¬ 
ken  down  into  four  modules: 

•  Resource  Manager  is  a  module  that  lets 
administrators  create  templates  for  updat¬ 
ing  network  hardware  configurations.  The 
module  lets  users  update  hardware  in 
batches  across  the  network  and  also  can 
be  used  to  generate  documentation  on 
network  upgrades.  The  software  has  a  roll¬ 
back  feature  that  can  revert  switches  to 
their  original  configuration. 


•  Secure  Access  is  a  policy  management 
and  enforcement  component  that  can  be 
used  to  set  up  network  groups  and  config¬ 
ure  the  rights  and  access  privileges  of 
group  members.  The  module  relies  on  a 
Lightweight  Directory  Access  Protocol 
database  to  track  and  maintain  security 
groups.  Polices  such  as  access  control  lists 
and  bandwidth  allocation  can  be  distrib¬ 
uted  to  network  switches  through  the  soft¬ 
ware’s  desktop  interface. 

•  Trap  Responder  and  Locator  tools  can 
be  used  to  set  up  alerts  based  on  network 
events,  such  as  detection  of  certain  traffic 
patterns  or  other  indicators.  The  Locator 
feature  lets  administrators  track  the 
source  of  a  network  trap  to  the  physical 
port  on  a  switch. 

Alcatel  also  has  certified  the  software  to 
interoperate  with  Ethernet  LAN  switches 
from  3Com,  Cisco  and  Extreme  Networks. 
Alcatel  users  can  use  OmniVista  to  set  up 
network  traps,  and  Trap  Responder  and 
Locator  features,  and  other  basic  manage¬ 


ment  functions  on  switches  from  the  three 
certified  third-party  vendors. 

Most  switch  vendors,  such  as  3Com, 
Cisco,  Enterasys  Networks,  Extreme, 
Foundry  Networks  and  Nortel  offer  man¬ 
agement  software  for  their  respective 
switches  with  varying  levels  of  features. 

One  analyst  says  the  new  OmniVista  fea¬ 
tures  appear  to  reflect  user  needs. 

“Network  management  is  more  often  an 
afterthought  as  opposed  to  forethought  by 
network  switch  vendors,” says  Chris  Kozup, 
an  analyst  with  Meta  Group.  He  says  switch 
makers  usually  concentrate  on  “speeds 
and  feeds”  before  developing  advanced 
management  applications. 

“The  new  OmniVista  [product]  signals 
that  Alcatel  is  getting  some  traction  with  its 
LAN  products, and  that  they  are  listening  to 
customers’  concerns  and  executing  on 
those  concerns,”  he  says. 

OmniVista  costs  $4,000  per  license. 
Secure  Access  is  an  optional  application 
that  costs  $1 ,000  per  license  extra  ■ 
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It's  time  to  look  back  at  what  1  predicted 
for  2003  and  look  ahead  for  the  new 
year.  I  made  four  predictions  for  2003, 
and  I’m  claiming  partial  credit.  Specifically, 
1  said  (see  www.nwfusion.com,  DocFinder: 
9230): 

1  .At  the  end  of  2003,  Microsoft  still  will  be 
in  court  fighting  the  anti-trust  suit. 

Its  still  in  court  (with  the  Eolas  and  Real¬ 
Networks  suits), so  that’s  a  partial. 

2.  Microsoft  Office  will  begin  to  lose  out 
to  Web-based  productivity  packages 
offered  as  subscription  services. 

OpenOffice  is  gaining  momentum,  but 
not  as  a  subscription  service  —  MS  Office  is 


The  power  of  prognostication 


closer  to  that.  Again,  I’ll  take  partial  credit. 

3. The  release  of  Windows  .Net  Server  2003 
will  spur  an  increase  in  Linux-based  servers 
as  customers  scramble  to  use  the  hardware 
in  which  they’ve  already  invested. 

Linux-based  servers  are  increasing  in 
numbers  and  market  share,  but  not  as 
quickly  as  some  others  predicted.  I’ll  take 
full  marks  for  this  one. 

4.  Identity  management  emerges  as  the 
overwhelming  security  concern  for  net¬ 
works  and  online  services. 

Maybe  not  overwhelming  yet,  but  a  signif¬ 
icant  change  from  previous  years  so  I’ll 
claim  mostly  full  credit.  I’d  grade  it  2.75  out 
of  4,  not  great  but  not  bad. 

Now  let’s  go  out  on  a  limb  for  2004. 

1.  Microsoft,  faced  with  mediocre  sales 
figures,  will  step  up  activity  on  the  legal 
front  not  only  with  Eolas  and  RealNet¬ 
works,  but  also  with  anything  that  might  tar¬ 


nish  Linux  (such  as  the  SCO  debacle). 

2.  Speaking  of  SCO:  Unless  Microsoft 
invests  very  heavily  in  the  company  expect 
huge  losses  and  major  changes  in  man¬ 
agement  and  direction.  No  one  will  mourn. 

3.  Bolstered  by  activities  at  HRIBM,  Novell 
and  Sun,  Linux  will  become  firmly  en¬ 
trenched  in  the  enterprise  server  room.The 
extent  of  its  penetration  will  be  directly 
linked  to  the  demise  of  SCO. 

4.  In  the  identity  management  sphere, 
privacy  and  user  control  of  their  own  data 
will  be  the  major  topics.This  concern  will 
override  the  petty  squabbling  going  on  in 
the  “federated  identity”  space  among 
Microsoft,  IBM  and  the  Liberty  Alliance  as 
they  patch  over  their  differences  to  win 
market  share. 

Come  back  next  year  and  see  how  well 
I’ve  done.  In  the  meantime,  next  up  will  be 
my  choice  as  2003’s  Networking  MVP 


Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Silicon 
Valley.  He  can  be  reached  at  wired@ 
vquill.com. 


Tip  of  the  Week 


Isa  bonus  prediction,  I 
flsee  2004  as  being  the 
biggest  year  yet  for  politics 
and  the  Internet.  From  spam 
to  speeches,  wannabe 
office  holders  will  spend 
more  time  online  than  in  all 
Iggv  previous  years  combined. 
We'll  have  to  find  some 

other  place  to  escape  them. 

"M 


Microsoft  releases  first  public  beta  of  Win  2003  for  Opteron 


■  BY  JOHN  FONTANA 

Microsoft  last  week  launched  the  first 
general  public  beta  program  for  its  Win¬ 
dows  Server  2003  64-bit  operating  system 
designed  for  Advanced  Micro  Devices’ 
Opteron  chip. 

The  Windows  Server  2003  64-bit  Ex¬ 
tended  System  preview  is  available  only  in 
the  Enterprise  Edition,  which  is  slated  for 
general  availability  in  the  second  half  of 
this  year  along  with  a  Standard  Edition.  A 
Datacenter  version  is  not  in  the  works 
because  no  hardware  manufacturer  has 
committed  to  developing  a  system  that 
would  tune  the  operating  system  for  a  spe¬ 
cific  hardware  platform,  which  is  the  way 
Datacenter  is  sold. 

Microsoft  has  worked  with  AMD  for  near¬ 
ly  two  years  to  develop  the  64-bit  operating 
system  for  its  chips:  Athlon  on  the  desktop 
and  Opteron  on  the  server.  The  64-bit  plat¬ 
form  processes  more  data  per  clock  cycle, 
allows  greater  access  to  memory  and 
speeds  numeric  calculations. 

Similar  64-bit  operating  systems  have 
been  available  on  the  Unix  platform  for 
years,  and  Microsoft  is  playing  catch-up. 

Last  April  the  company  released  a  64-bit 
version  of  Windows  Server  2003  for  the 
Intel  architecture  and  then  promised  to  fol¬ 
low  it  up  with  support  for  AMD’s  chips.  Last 
fall,  Microsoft  unveiled  the  first  private  beta 
of  the  Opteron-tuned  software,  which  uses 
64-bit  extensions  to  the  x86  instruction  set 
to  let  users  run  32-  and  64-bit  applications 
natively  on  the  same  chip. 

That  is  in  contrast  to  Intel’s  Itanium,  which 
runs  32-bit  applications  in  emulation  mode. 

“It  appears  that  the  Intel  architecture  has 
some  performance  issues  when  trying  to 
run  32-bit  code,"  says  Dan  Kusnetzky  an 
anaiyst  with  IDC.’AMD  kept  the  32-bit  core 
and  wrapped  the  64-bit  support  around  it.” 

Kusnetzky'  says  the  performance  differ¬ 
ences  might  be  significant  because  32-bit 


code  is  the  mainstay  of  Windows-based 
applications,  and  many  vendors  and  com¬ 
panies  might  be  unwilling  to  rewrite  their 
code  in  the  near  term. 

“We  are  excited  about  the  AMD  architec¬ 
ture  because  our  install  base  of  customers 
has  a  lot  of  32-bit  apps,”says  John  Borozan, 
Microsoft  product  manager  for  64-bit  Win¬ 
dows  Server.  “You  can  double  the  amount 
of  memory  available  to  an  application 
without  having  to  modify  it,  so  the  AMD 
architecture  provides  a  smoother  migra¬ 
tion  path.” 

But  Borozan  says  it  is  hard  to  make  an 
apples-to-apples  comparison  of  the  AMD 
and  Intel  chip  architectures. 

Despite  the  32-bit  features  of  the  AMD 
chip,  Microsoft  is  warning  users  that  the 
AMD-optimized  platform  is  incompatible 
with  32-bit  applications  that  have  16-bit  in¬ 


3Com 

continued  from  page  17 

“Our  network  is  maturing  to  a  point 
where  reliability  is  crucial,  because  of  our 
wider  use  of  applications  such  as  unified 
messaging  and  voice  over  IF?  he  says. 

“These  features  are  things  3Com  really 
needed  to  have  to  offer  a  true  enterprise- 
class  switch,”  says  Zeus  Kerravala.an  analyst 
with  The  Yankee  Group.  Many  corporations 
make  redundant  switch  fabrics  a  require¬ 
ment  when  putting  out  bids  for  network 
equipment,  he  adds.  He  says  3Com’s  previ¬ 
ous  high-availability  option  of  running 
VRRP  between  two  7700s  is  a  sound  prac¬ 
tice,  but  an  expensive  one. 

“Some  companies  may  not  want  to  buy 
two  switches  for  redundancy’  he  says.  “A 
failover  option  inside  the  box  is  enough  for 
some  customers.” 

The  Switch  7700R  will  compete  with 
small  backbone  chassis  such  as  Cisco’s 
Catalyst  4500  and  six-slot  6500  series,  and 


stallers,such  as  SQL  Server  2000  SP3;  appli¬ 
cations  that  depend  on  the  current  version 
of  the  .Net  framework;  and  applications 
that  have  32-bit  kernel-mode  drivers,  such 
as  Exchange  2003. 

Only  a  few  64-bit  applications  are  com¬ 
patible  with  the  beta,  according  to 
Microsoft,  including  Computer  Associates’ 
eTrust  Anti-Virus  beta  for  AMD  64-bit  and 
Microsoft’s  own  SQL  Server  “Yukon"  beta. 

The  32-bit  applications  that  are  compati¬ 
ble  include  IBM  DB2  Enterprise  Edition  7.2, 
IBM  WebSphere  Application  Server,  Lotus 
Domino  Server  6.0,  J.D.  Edwards  ERP  8.0 
and  SAP  R/3  4.7. 

Last  week’s  general  release  of  the  64-bit 
Windows  Server  code  for  Opteron  is  the 
same  code  released  to  private  testers  last 
fall.  Microsoft  officials  say  the  operating  sys¬ 
tem  is  not  feature-complete  and  updates  to 


products  from  Extreme  Networks,  Foundry 
Networks,  HP  and  Nortel.  The  Switch  7700 
chassis  is  based  on  technology  developed 
under  3Com’s  joint  venture  with  Huawei 
Technologies. 

Besides  the  hardware  upgrade, 3Com  also 
is  releasing  new  software  for  the  7700  and 
7700R  that  promises  advanced  security, 
management  and  routing/switching  fea¬ 
tures  for  the  backbone  switches.  Security 
features  added  to  the  box  include  SNMPv3. 
Experts  say  SNMPv3  is  more  secure  than 
previous  iterations  of  the  protocol  because 
it  allows  for  tighter  control  of  network  man¬ 
agement  traffic,  more  accurate  monitoring 
data  and  more  flexibility  in  terms  of 
deployment  and  administration. 

Routing  and  switching  upgrades  in  the 
software  include  Border  Gateway  Protocol 
Version  4  (BGP4)  and  the  introduction  of 
Multiple  Spanning  Tree  Protocol,  based  on 
Rapid  Spanning  Tree  Protocol. 

BGP4  will  give  Switch  7700  administrators 
more  routing  scalability  when  deploying 


the  beta  will  be  made  available  although 
there  might  not  be  another  formal  beta 
before  final  release. 

Microsoft  says  Windows  Server  2003, 
Enterprise  Edition,  for  64-Bit  Extended 
Systems  is  only  compatible  with  the  AMD 
chip  and  will  not  install  on  Itanium-based 
systems.The  beta  can  be  installed  on  up  to 
10  computers.  Microsoft  also  is  creating  a 
private  newsgroup  for  beta  testers  to  dis¬ 
cuss  technical  issues. 

Microsoft  says  the  Enterprise  Edition  beta 
is  well  suited  for  large  databases  and  line- 
of-business  applications.  It  can  support  up 
to  eight  processors  and  64G  bytes  of  RAM. 

The  Standard  Edition  is  targeted  at  high- 
performance  computing  clusters,  Terminal 
Services  and  Active  Directory  data  stores 
larger  than  2G  bytes.  It  supports  up  to  four 
processors  and  32G  bytes  of  RAM.  ■ 


the  box  in  large-scale  environments.  On  the 
LAN  side,  the  Spanning  Tree  upgrade  gives 
users  up  to  16  Spanning  Tree  domains  that 
can  implement  across  a  single  virtual  LAN 
(VLAN).  (Standard  spanning  tree  allows 
only  one  domain  per  VLAN.) 

3Com  says  splitting  up  VLANs  into  sepa¬ 
rate  Spanning  Tree  domains  could  let  net¬ 
works  that  use  VLANs  extensively  —  for 
such  applications  as  VoIP  or  wireless  LAN 
segmentation  —  add  more  resiliency  to 
these  network  segments.  This  beefed-up 
version  of  spanning  tree  lets  3Com’s  switch 
compete  with  switches  from  Cisco, 
Extreme,  Foundry  and  Nortel,  which  offer 
similar  VLAN/Spanning  Tree  capabilities. 

The  3Com  Switch  7700R  starter  kit  — 
available  at  the  end  of  the  month  for 
$26,000  —  includes  an  eight-slot  chassis,  a 
single  switch  fabric  module,  two  power 
supplies  and  a  fan  tray  A  back-up  fabric 
module  will  be  available  for  $10,000.  The 
Advanced  Feature  Software  will  be  avail¬ 
able  for  $5,000  on  Feb.  27.  ■ 


Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  Powerful  software 
like  Tivolif  DB2®  and  WebSphere®  Open,  behind-the-glass 
technology  that  can  automate  it  all  -  IBM,  Microsoft?  Oracle, 
Sun.  Problems  are  foreseen  and  solved  before  they  occur. 
IT  resources  are  directed  to  core  business  needs.  Costs  are 
significantly  reduced.  It’s  automation.  On  demand.  And  it’s 
what  keeps  companies  and  customers  happy.  Very  happy, 
(©business  on  demand  "at  ibm.com/software/automate 


IBM,  dB2  Tivoli.  WebSphere,  the  e-business  logo  and  e-business  on  demand  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United 
States  and/or  other  countries  Microsoft  is  a  registered  trademark  ol  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names 
may  be  trademarks  or  service  marks  ol  others  2003  IBM  Corporation.  All  rights  reserved. 
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Venerable  IBM  server  carries  on 


a  BY  JENNIFER  WEARS 

Canadian  customs  broker  GHY  International  was 
rolling  out  Intel  servers  en  masse  as  it  sought  to 
keep  up  with  its  growth. The  booming  business  was 
nice,  but  the  multiplying  boxes  were  becoming  a  mon¬ 
ster  to  manage,  says  Nigel  Fortlage,  vice  president  of  IT 
at  the  company  in  Winnipeg,  Manitoba. 

Like  many  companies,  GHY  was  looking  to  consoli¬ 
date.  But  it  did  so  in  a  manner  that  might  come  as  a  sur¬ 
prise  to  some  network  executives.  It  folded  its  Intel 
servers  into  an  IBM  iSeries,  the  updated  platform  of  the 
legacy  AS/400  system  that  the  company  had  run  in  its 
data  center  since  the  late  1980s. 

“I’d  heard  IBM  talk  about  all  the  things  they  were 
doing  with  the  iSeries,  but  it  never  made  sense  because 
I  could  never  connect  it  with  my  business  mentally?’ 
Fortlage  says.“It  took  IBM  working  closely  with  us  for  the 
light  to  finally  go  on.  Now  I  know  what  it  can  do 
because  I’ve  lived  it  for  a  year.  ” 

What’s  unbelievable,  Fortlage  says,  is  the  ability  of  the 
midrange  box  to  support  everything  from  Windows  to 
open  source  to  Web  services.  And  IBM  plans  to  invest 
more  than  $5  million  over  the  next  two  years  in  its 
iSeries  line,  aiming  to  increase  the  flexibility  of  the 
box  to  ensure  it  remains  a  key  part  of  the  changing  IT 
landscape. 

Future  moves 

IBM  says  to  expect  the  servers  to  support  AIX  —  IBM’s 
version  of  Unix  —  this  year. That’s  in  addition  to  support 
already  available  for  Linux,  Windows  and,  of  course, 
OS/400. 

“We  have  this  concept  of  an  on-demand  operating 
environment,  and  what  we’re  trying  to  create  is  a  server 
that  ultimately  can  run  all  the  applica¬ 
tions  that  a  business  needs,”  says  lan 
Jarman,  product  manager  for  the 
iSeries.“What  we’re  focusing  on  is  inte¬ 
gration,  virtualization  and  management 
of  these  operating  systems  so  that  you 
can  share  resources  across  AIX  and 
OS/400,  for  example,  and  then  automati¬ 
cally  adjust  the  system  and  move 
capacity  where  you  need  it.” 

Other  enhancements  planned  for  this 
year  include  an  upgrade  to  IBM’s  64-bit 
Power  5  processor  and  a  new  64-way 
system. The  iSeries  offers  one  to  32 
processors  today.  As  far  as  software  goes, 
look  for  continuing  ISV  support  for  the 
iSeries  platform,  which  currently  runs  more  than  20,000 
offerings  from  more  than  4,500  software  companies.  For 
example,  in  the  past  year  the  number  of  Linux  applica¬ 
tions  for  the  iSeries  has  grown  from  “only  a  handful”  to 
hundreds  “with  more  coming  every  month,”  an  IBM 
spokeswoman  says. 

The  biggest  challenge  for  the  iSeries,  which  has  a  dedi¬ 
cated  following,  is  that  companies  that  haven’t  deployed 
the  box  might  question  its  strategic  role  in  their  data 

centers. 

The  iSeries,  like  IBM’s  mainframes, suffers  because  of 
people’s  outdated  perceptions  of  what  it  does,  says 


Charles  King,  a  research  director  at  Sageza  Group. 

“But  things  have  changed  so  radically  in  the  last  36  to 
48  months  for  both  of  those  platforms  with  the  emer¬ 
gence  of  Linux  and  some  other  things  that  the  iSeries  of 
today  is  a  considerably  different  machine  than  the 
iSeries  people  might  have  thought  of  when  they  thought 
AS/400  even  five  years  ago,”  he  says. 

At  the  end  of  2001,  with  business  growing,  GHY’s  Fort¬ 
lage  didn’t  think  to  look  at  the  iSeries  as  a  means  of  tak¬ 
ing  up  the  burgeoning  load.  While  the  iSeries  chugged 
along,  running  the  company’s  core  business  application, 
Fortlage  and  his  staff  threw  in  Intel  boxes  one  after  the 
other  to  meet  growing  IT  demand. 

“With  a  team  of  three,  we  spent  90%  of  our  time  man¬ 
aging  that  environment,”  says  Fortlage,  who  planned  to 
increase  the  number  of  Intel  servers  from  seven  to  16. 

Faced  with  the  prospect  of  having  to  double  his  IT 
staff  simply  to  manage  all  the  boxes,  something  his  com¬ 
pany  wasn’t  about  to  support,  Fortlage  last  year  huddled 
with  IBM.  At  the  time  IBM  was  focusing  on  its  small  and 
midsize  customers,  and  they  figured  out  a  way  to  reduce 
his  management  burden  by  giving  the  iSeries  a  greater 
role  in  the  data  center. 

Fortlage  ended  up  bringing  in  another  iSeries  and  con¬ 
solidated  his  seven  Intel  servers  onto  the  boxes,  which 
run  Intel  server  cards  to  support  Windows.  He  also  is 
running  Linux  in  10  logical  partitions  within  one  of  the 
servers. 

“Within  the  two  iSeries,  I  run  my  Windows  servers,  I  run 
my  Linux  servers,  I  run  my  Dominos  servers.  I  run  my 
core  business  applications  on  the  iSeries,”  he  says.“It’s 
our  firewall,  our  gateway,  our  DNS  server.  It’s  our  mail 
server.  And  Linux  on  iSeries  gives  you  a  true  enterprise- 
class  machine. . .  .To  break  that  down  in  the  Intel  world, 
I’d  be  looking  at  10  highly  resilient  redundant  Intel 

servers,  which  get  to  be  very  expensive.” 

Fortlage  says  he  spent  about  $23,450 
less  bringing  in  the  new  iSeries  than  he 
would  have  spent  deploying  compara¬ 
ble  Intel  servers  and  is  currently  14% 
under  budget  for  the  year.  In  addition,  he 
has  avoided  the  cost  of  hiring  an  addi¬ 
tional  three  people  to  manage  the  grow¬ 
ing  number  of  Intel  servers  he  would 
have  had  to  deploy,  he  says. 

Server  consolidation 

Those  kinds  of  savings  stemming  from 
consolidating  Windows  and  Linux 
servers  onto  the  iSeries  aren’t  surprising 
given  an  IBM-sponsored  study  that  IDC 
conducted  last  year. The  study,  which  looked  at  six  busi¬ 
nesses  —  four  manufacturing  companies,  a  hospitality 
company  and  a  services  company  —  that  used  iSeries 
to  consolidate  x86-based  servers,  found  an  average  ROl 
of  more  than  200%  over  three  years.  In  addition,  invest¬ 
ment  in  the  platform  was  paid  back  in  about  nine 
months  and  the  companies  cut 
downtime  associated  with  Linux 
and  Windows  servers  by  90%. 

“Yes,  the  iSeries  may  have  a  high 
cost  of  entry  [a  low-end  iSeries 
starts  at  about  $10,000,  and  the 


What's  up  with  iSeries 

IBM’s  legacy  AS/400  system,  now  called  the 

iSeries,  has  evolved  to  be  more  flexible  than 

some  network  executives  might  think.  But 

challenges  still  loom  for  the  niche  server. 

Challenges: _ 

•  Exposed  roots. The  iSeries'  AS/400  roots  leave 
the  impression  that  the  system  is  capable  of  running 
only  OS/400  applications. 

•  Idiosyncratic.The  iSeries  makes  good  on  a 
promise  to  run  multiple  applications  and  operating 
systems  on  one  machine,  but  that  means  users 
have  to  buy  into  the  IBM  vision. 

•  Staying  stable.  IBM  is  committed  to  evolving  the 
iSeries  to  support  new  technologies,  but  it  must 
keep  the  reliability  and  stability  of  the  box  intact. 

Strategies: 

•  Software  support.  IBM  says  it  will  continue  to  work 
with  ISVs  to  bring  more  applications  to  the  iSeries. 

•  Push  reliability.  Stability  and  reliability  of  the 
server  remain  the  focus  for  IBM  even  as  it  advances 
the  iSeries  to  support  new  technologies. 

•  Outline  options.  In  addition  to  supporting  multiple 
operating  systems,  virtualization  and  logical  par¬ 
titions,  the  iSeries  also  offers  capacity  on  demand 
so  users  can  pay  for  extra  processing  power  only 
when  they  need  it. 

high-end  systems  start  at  about  $1  million]  but  if  you  look 
at  those  costs  over  the  total  life  cycle  and  include  opera¬ 
tional  costs,  ongoing  maintenance  of  the  system.it  wins 
hands  down,” says  Mike  Shaw,  iSeries  operations  manager 
at  winery  Kendall-Jackson  in  Santa  Rosa,  Calif. 

Kendall-Jackson  has  been  running  gin  AS/400  since  the 
mid-1990s,  but  earlier  this  year  deployed  an  iSeries  i870 
in  an  effort  to  give  its  data  center  a  boost. The  i870 
hooks  into  IBM  storage  via  fiber  and  has  significantly 
reduced  back-up  time,  Shaw  says. 

The  bottom  line 

“The  bottom  line  is  the  increase  in  availability  to  our 
user  community  is  just  short  of  phenomenal,”  he  says. 
“What  was  taking  me  six  hours  to  perform  in  terms  of 
backup,  we’re  now  doing  in  just  under  two  hours.” 

Lady  Remington  Jewelry  turned  to  the  iSeries  when 
HP  announced  the  end  of  life  for  its  midrange  server, 
the  e3000.Al  Karman.IT  director  at  the  direct  marketer 
based  in  Bensenville,  Ill., says  the  iSeries  provides  the 
reliability  and  stability  he  needed  for  his  ERP  package, 
while  also  offering  flexibility  that  wasn’t  available  with 
the  HP  server. 

“The  iSeries  runs  virtually  any  code 
you  throw  at  it,”  he  says.“We  aren’t 
locked  into  an  offering.  If  it  makes 
business  sense  to  write  RPG  solutions, 
or  Cobol  or  Java  scripting  or  C++  this 
machine  supports  them  all.”  ■ 


Power  in 
numbers 

According  to  IBM, 
more  than 
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businesses  run  an 
iSeries  server 
today. 
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Middleware  is  Everywhere 


Can  you  see  it? 
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MIDDLEWARE  IS  IBM  SOFTWARE.  Software  like  IBM 
DB2  Content  Manager.  A  complete  and  open  solution  that 
easily  manages  and  leverages  information  from  almost 
anywhere.  Even  content  like  video  and  scanned  images  is 
easily  and  securely  accessed.  It’s  how  responsiveness 
increases,  productivity  soars  and  knowledge  becomes  power, 
(©business  on  demand™  Go  to  ibm.com/db2/middleware 


1.  Verifies  insurance  on  the  spot. 

2.  Files  digital  claim  in  an  instant. 

3.  Approves  estimate  at  the  site. 

4.  Orders  new  bumper  at  the  scene 

5.  Receives  settlement  in  a  snap. 
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SITEKEEPER  3. 


The  affordable  way  to  automate  your  systems  management 

No  steep  learning  curve.  No  special  training.  No  wonder  so  many  system  administrators 
are  raving  about  new  Sitekeeper  3.0!  With  its  amazingly  simple  interface,  you  can  easily 
manage  and  distribute  software  patches  and  updates,  track  license  compliance,  and 
inventory  hardware  and  software  -  all  within  minutes  of  installation.  You'll  be  amazed  at 
the  time  you  save.  Imagine  never  having  to  perform  manual  machine-by-machine 
updates  and  inventories  again! 

And  that's  just  the  start.  Sitekeeper  doesn't  require  dedicated  servers  or  expensive 
databases,  so  it  easily  fits  in  your  budget.  Sitekeeper  runs  on  any  NT/2K/XP  machine  and 
manages  clients  running  any  version  of  Windows,  from  95  to  Server  2003.  Install 
Sitekeeper  and  start  managing  right  away.  Cut  out  complexity  and  increase  productivity 
with  NEW  Sitekeeper  3.0! 

It's  everything  except  complicated 


DOWNLOAD  FREE 

SITEKEEPER  3.0  TRI ALWARE  NOW: 
www.executive.com/nwsk31 
or  call  1-800-829-6468  Ext.:  4258 
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Users  tackle  Linux  management 

With  the  operating  system  growing  in  popularity,  customers  look  for  mgmt.  help. 

■  BY  DENISE  DUBIE 


■  GFI  has  made  available  a  freeware 
version  of  its  Network  Server 

Monitor,  a  tool  that  monitors  a  net¬ 
work  and  its  servers  to  identify  and  fix 
failures.  The  freeware  version  lets 
users  check  availability  of  HTTP  and 
Secure-HTTP  sites  and  confirm 
whether  the  correct  Web  content  is 
being  served  up  and  that  a  site  has 
not  been  vandalized.  An  ICMP/ping 
function  monitors  whether  a  particu¬ 
lar  server  is  still  responding.  The  free¬ 
ware  can  be  downloaded  at  www.gfi. 
com/nsm /  and  includes  access  to  a 
full  version  of  the  software  for  60 
days.  After  the  evaluation  period,  only 
the  HTTP  and  ICMP/ping  checking 
features  are  available. 

■  Cranite  Systems  has  released  a 
client  application  that  secures  Mac 
OS  X-based  handheld  computers  on 
wireless  LANs.  The  software,  Wire- 
lessWall  Client  for  Mac  OS  X,  is  a 
thin  client  and  equips  a  device  using 
OS  X  to  work  with  the  company’s 
WirelessWall  Policy  Server  and 
Access  Controller  product.  Wire¬ 
lessWall  lets  network  administrators 
centrally  set  up  and  manage  WLAN 
access,  intrusion  detection,  and  other 
security  features.  It  works  with  any 
802.1 1-based  access  point  and  applies 
Advanced  Encryption  Standard  cryp¬ 
tography  at  Layer  2,  thereby  protect¬ 
ing  network  addresses,  ports  and 
other  lower-layer  resources.  The  client 
incorporates  Mac  OS  X  devices  into 
this  security  framework.  It  is  part  of 
WirelessWall  and  available  at  no 
charge  to  existing  Cranite  customers. 
WirelessWall  starts  at  $1,550  for  a  10- 
user  license. 

■  Network  Associates  last  week 
announced  McAfee  VirusScan  PDA 

enterprise,  a  version  of  its  anti-virus 
software  for  Microsoft  Pocket  PC  and 
Windows  mobile  devices.  McAfee 
VirusScan  PDA  Enterprise  can  be 
managed  via  the  same  anti-virus  man¬ 
agement  console  —  the  McAfee 
ePolicy  Orchestrator  —  that  manages 
other  versions  of  McAfee  anti-virus 
software.  Pricing  is  $11.34  per  100 
users. 


When  Sean  Lentner  made  the  decision 
to  move  a  dozen  servers  from  Windows  NT 
to  the  Linux  server  platform, he  also  had  to 
consider  changing  how  he  managed  those 
boxes.  Specifically,  the  systems  analyst  at 
NYF1X,  an  electronic  trading  firm  in  Stam¬ 
ford,  Conn.,  says  he  needed  to  find  soft¬ 
ware  that  would  let  him  manage  the  12 
Red  Hat,  Debian  and  Gentoo  boxes  along¬ 
side  the  1 ,000  or  so  Windows  servers  in  the 
network. 

“Because  we  still  have  a  lot  of  Windows 
servers,  we  needed  to  use  something  that 
would  let  us  manage  everything  —  moni¬ 
tor  general  aspects  of  the  machines,  dis¬ 
tribute  patches  —  from  one  console,”  says 
Lentner,  who  made  the  server  switch  about 
three  years  ago.“We  couldn’t  risk  shutting  a 
server  down  or  having  a  box  act  flaky,  and 
we  needed  to  have  a  solid  management 
plan  to  apply  to  all  servers.” 

Lentner  made  the  switch  to  Linux  to 
guarantee  his  electronic  trading  applica¬ 
tion  a  stable  platform,  but  he  also  needed 
to  ensure  the  operating  system  could  be 
managed  with  his  enterprise-class  tools. 

As  more  corporate  users  are  considering 
Linux  as  a  viable  operating  system,  they  are 
looking  to  vendors  to  provide  better  man¬ 
agement  tools  to  support  larger  Linux 
deployments. 

A  recent  SG  Cowen  survey  of  more  than 
500  IT  users  found  that  65%  of  respondents 
planned  to  increase  their  use  of  Linux 
within  the  next  few  years,  including  29%  of 
companies  that  have  yet  to  deploy  Linux. 
Today  Linux  is  used  at  more  than  80%  of 
the  firms  surveyed,  with  72%  using  it  on 
servers  and  15%  using  it  on  the  desktop.  As 
far  as  server  deployments  go,  Linux  is  used 
most  at  the  Web  access  tier,  although  it  also 
is  starting  to  gain  traction  in  database  and 
application  tiers,  the  survey  found. 

According  to  the  survey  the  move  to 
embrace  Linux  is  driven  primarily  by 
improved  reliability  and  better  scalability 
of  the  operating  system,  with  companies 
opting  not  to  deploy  Linux  saying  that 
application  availability  service  and  sup¬ 
port  concerns  were  holding  them  back. 

Linux  software  vendors  such  as  Red  Hat, 
SuSe  (acquired  by  Novell)  andTurboLinux 
provide  system-monitoring  tools  with  the 
operating  systems  to  help  automate  server 
management  tasks.  Linux  hardware  ven¬ 
dors  such  as  Dell,  HR  IBM  and  Sun  provide 

See  Linux,  page  26 


Lassoing  Linux 

Hardware  and  software  vendors  provide  a  variety  of  tools  to  provision 
new  boxes,  monitor  server  performance  and  maintain  availability  across 
Linux  environments.  Here’s  a  sample  of  products: 


Vendor 

Product 

Features 

Debian 

Package  Management 
System 

Manipulates  packages  or  parts  of  pack¬ 
ages;  breaks  up  packages  for  transmis¬ 
sion;  and  installs  packages  on  remote 
FTP  sites. 

Dell 

Dell  OpenManage 
Server  Assistant  for 

Linux 

Monitors  hardware  component  health; 
manages  remote  servers;  and  integrates 
with  management  suites. 

HP 

Systems  Insight 
Manager 

Performs  fault  monitoring,  configuration 
and  workload  management. 

IBM 

Tivoli  System 
Automation  for  Linux 

Discovers  system  resources;  maintains 
availability  to  automate  manual  manage¬ 
ment  tasks. 

Red  Hat 

Network  Management 
Module 

Performs  systems  grouping;  enable  sys¬ 
tems  permissions;  automated  scheduled 
actions;  and  includes  package  profile  com¬ 
parison  tools. 

Sun 

Sun  Grid  Engine 

Distributed  resource  management  and 
job  queing;  and  aggregates  the  compute 
power  of  servers  and  workstations. 

Netriplex  spam  service, 
money-back  guarantee 


■  BY  CARA  GARRETSON 

Data  hosting  company  Netriplex  has 
jumped  into  the  anti-spam  market  with  a 
service  that  guarantees  to  keep  unwanted 
messages  from  a  company’s  in-boxes,  or 
else  it  will  reimburse  customers  $1  per 
spam  message  received. 

Called  Netriplex  E-mail  Management 
Solution,  the  service,  which  became  avail¬ 
able  last  week,  offers  spam  and  virus  pro¬ 
tection  through  the  company’s  hosted 
e-mail  service. 

Customers  can  chose  to  have  only  their 
incoming  mail  or  both  incoming  and  out¬ 
going  messages  routed  through  Netri- 
plex’s  nine  data  centers  located  around 
the  country  says  CTO  Jonathan  Hoppe. 
The  company  has  roughly  100  customers 
using  the  service,  including  some  large 


corporations  and  ISPs. 

The  service  uses  approximately  10,000 
homegrown  algorithms  to  detect  un¬ 
wanted  messages,  and  blacklists,  white- 
lists  and  proprietary  technology  called 
SpamSig  that  the  company  won’t  yet 
divulge  information  on  because  it’s  apply¬ 
ing  for  a  patent. 

It’s  unusual  for  an  anti-spam  vendor  to 
claim  100%  spam  blocking  while  main¬ 
taining  a  zero  false-positive  rate.  Instead, 
most  vendors  say  there’s  a  trade-off 
involved.  For  Brightmail  to  maintain  its 
one-in-l-million  false-positive  rate,  its  soft¬ 
ware’s  effectiveness  in  catching  spam 
messages  hovers  around  92%.  Brightmail 
officials  say  its  customers  are  more  con¬ 
cerned  with  missing  legitimate  e-mail 
messages  than  with  having  in-boxes  that 
See  Netriplex,  page  26 
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Andrew  Odlyzko  is  at  it  again. He  keeps 
putting  out  tenaciously  researched 
papers  that  make  it  very  clear  that  one 
“common  wisdom”  or  another  is  funda¬ 
mentally  flawed.  His  latest  target  is  the  tele¬ 
phone  industry  assumptions  about  what 
types  of  technology  to  invest  in. 

While  Odlyzko  is  at  it,  he  describes  a  sig¬ 
nificant  conflict  between  the  architectural 
assumptions  that  brought  us  the  Internet  of 
today  and  the  ability  for  the  ISPs  to  make  a 
living. 

His  most  recent  paper, “Pricing  and  archi¬ 
tecture  of  the  Internet:  Historical  perspec¬ 
tives  from  telecommunications  and  trans¬ 
portation”  (see  www.nwfusion.com,  Doc- 
Finder:  9232),  was  published  last  Decern- 


The  Internet  is  not  a  railroad,  or  is  itP 


ber.The  paper  combines  a  history  of  trans¬ 
portation  pricing  with  an  exploration  of 
which  lessons  from  that  history  might 
apply  to  the  Internet. 

Odlyzko  says  the  Internet  might  be  an 
anomaly  in  the  transport  business  because 
the  cost  does  not  currently  depend  on 
what  is  being  transported.  Many  other 
transportation  systems,  including  railroads 
and  freight  haulers,  charge  different  rates 
for  carrying  different  types  of  goods.  ISP 
pricing  does  not  take  into  account  what  is 
in  the  packets  transported  over  the  net¬ 
work.  Surfing  the  Web,  downloading  music 
or  watching  a  NASA  telecast  of  the  Mars 
landing  all  cost  the  same. 

The  Internets  basic  architectural  design 
assumed  that  ISPs  just  carried  packets. 
ISPs  didn’t  know  what  was  in  those  pack¬ 
ets  and  didn’t  care.  But,  as  Odlyzko  notes, 
there  are  now  a  number  of  reasons  to 
think  about  changing  this  architectural 
assumption.  These  issues  are  more  fully 
explored  in  a  2002  paper  by  MIT  re¬ 


searchers  Dave  Clark,  John  Wroclawski 
and  Karen  Sollins,  along  with  USC  re¬ 
searcher  Bob  Braden,  called  “Tussle  in 
Cyberspace:  Defining  Tomorrow’s  Inter¬ 
net”  (DocFinder:  9233).  Some  reasons  that 
it  might  become  important  that  ISPs  begin 
to  know  more  about  what  is  going  on  over 
their  networks  include  economic  issues 
(for  example,  ISPs  need  to  figure  out  a 
way  to  benefit  from  high-value  traffic  to 
improve  their  ability  to  be  profitable)  and 
regulatory  issues  (for  example,  law  en¬ 
forcement  agencies  feel  they  need  to  be 
able  to  wiretap  Internet-based  communi¬ 
cations).  Odlyzko  and  Clark  et  al.  see  sig¬ 
nificant  conflicts  going  forward  over  these 
issues.  These  conflicts  might  result  in  an 
Internet  far  less  open  for  innovation  than 
the  historical  one. 

One  part  of  Odlyzko’s  paper  that  has  got¬ 
ten  the  most  attention,  at  least  on  slash  dot, 
is  his  observation  that  “essentially  all  major 
networking  initiatives  of  the  last  decade, 
such  as  ATM,  [quality  of  service],  [Re¬ 


source  Reservation  Protocol], multicasting, 
congestion  pricing,  active  networks  and 
3G,  have  turned  out  to  be  duds.”This  might 
be  a  bit  overstated.  He  is  quite  right  that 
none  of  these  technologies  have  turned 
out  to  be  successful  carrier-based  cus¬ 
tomer  services,  but  many  of  them  (not 
including  congestion  pricing,  active  net¬ 
works  or  3G)  have  turned  out  to  be  quite 
successful  within  enterprise  networks. 

Odlyzko’s  papers  tend  to  be  clear, 
thought-provoking  and  annoying.  Annoy¬ 
ing  in  that  they  tend  to  poke  holes  in  too 
many  of  my  not-well-thought-through 
assumptions.  Sometimes  annoying  is  the 
right  thing  to  be. 

Disclaimer:  The  words  “annoying”  and 
“Harvard”  do  seem  to  show  up  in  the  same 
sentence  rather  often,  but  the  above  posi¬ 
tive  view  of  annoyance  is  my  own. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


Linux 

continued  from  page  23  . 

management  software  to  keep  track  of 
Linux  boxes.  But  the  move  is  on  from 
Computer  Associates  and  HP  (with  its 
Systems  Insight  Manager)  to  provide  an  all- 
in-one  server  management  tool  that  brings 
Linux  management  data  on  the  same 
screen  with  Unix  and  Windows  monitors. 

As  Lentner  puts  it,  “I  think  you  get  less 
ulcers”  when  you  can  watch  all  machines 
from  one  location. 

In  the  past,  he  and  his  team  used  a  lot  of 
scripts  and  telnet  sessions  to  keep  track  of 
Linux  and  other  server  status,  but  Lentner 
says  the  demands  of  NYFIX’s  e-business 
grew  faster  than  his  staff  could  work.  Lent¬ 
ner  decided  to  work  with  CA  Unicenter 
Network  and  Systems  Management  soft¬ 
ware.  He  had  been  a  customer  of  the  com¬ 
pany’s  software  distribution  tool  and  started 
using  the  enterprise  management  software 
to  manage  his  heterogeneous  network. 

Because  of  the  immediate  nature  of  elec¬ 
tronic  trading  and  the  number  of  small  bro¬ 
kerage  firms  NYF1X  supports,  Lentner  want¬ 
ed  to  be  able  to  apply  patches  to  Linux 
servers  that  support  a  specific  Internet 


More  online! 


Which  new  technologies  best  improve  network  perfor¬ 
mance?  Which  breakthroughs  in  caching  and  compres¬ 
sion  free  up  WAN  capacity?  Find  out  in  February  at 
Network  World's  Technology  Tour,  Network 
Management:  The  New  Business  Focus. 
DocFinder.  9227 


application  on  the  fly  without  shutting 
down  operations.  He  plans  to  migrate 
NYFIX’s  Windows-based  trading  tablet  to 
Linux  when  more  clustering  options 
become  available. 

Jerald  Sheets,  senior  Unix  systems  admin¬ 
istrator  at  Our  Lady  of  the  Lake  Regional 
Medical  Center  in  Baton  Rouge,  La.,  refers 
to  his  15  Red  Hat  Linux  instances  as  a 
“Godsend”  for  the  nonprofit  hospital.  He 
uses  the  operating  system  for  DNS, Web  and 
e-mail  servers,  and  in  that  capacity  man¬ 
agement  isn’t  much  of  an  issue.  Yet  Linux 
used  in  the  wrong  scenario  can  cause 
problems. 

“If  you  need  a  database  that  will  support 
a  100  million  row  table,  don’t  choose 
Linux,”  Sheets  says. “A  full-table  scan  in  that 
scenario  on  inadequate  hardware  will 
bring  your  application  to  a  crawl  and  give 
Linux  a  bad  name.” 

Another  potential  downfall  for  managing 
Linux  is  mixing  and  matching  too  many  fla¬ 
vors.  Multiple  Linux  distributions  running 
side  by  side  also  can  cause  management 
glitches,  says  Rick  Beebe,  manager  of  sys¬ 
tems  and  network  engineering  at  the  Yale 
University  School  of  Medicine  in  New 
Haven, Conn. He  says“Linux  is  Linux” is  not 
the  case.  “There  is  a  lot  of  ancillary  details 
done  differently”  that  can  wreak  havoc 
when  trying  to  manage  and  maintain  mul¬ 
tiple  Linux  servers  running  different  flavors 
of  Linux,  he  says. 

“You  spend  a  lot  of  time  hunting  things 
down  if  you  use  different  distributions,  and 
it’s  just  confusing,”  Beebe  says. 

Beebe  runs  Red  Hat  Linux  on  12  produc¬ 
tion  servers,  and  for  the  most  part  he  can 
manage  them  manually  with  the  help  of  an 
application  called  Webmin.  He  says  now 
he  doesn’t  see  the  need  to  use  an  enter¬ 
prise  management  software  tool  for  his 
Linux  servers  because  he  doesn’t  think 
the  operating  system  is  ready  for  data  cen¬ 
ter  deployments.  ■ 


Netriplex 

continued  from  page  23 

are  100%  spam-free. 

In  the  months  that  Netriplex  has  beta- 
tested  its  anti-spam  service,  the  company 
has  not  experienced  a  single  false  positive 
or  uncaught  spam  message,  Hoppe  says. 
That  has  led  Netriplex  to  offer  users  $1  for 
every  spam  message  that  eludes  its  ser¬ 
vice  and  winds  up  in  an  in-box,  up  to  the 
monthly  fee  that  the  user  pays  for  the  ser¬ 
vice,  he  says.“A  lot  of  our  competition  puts 


Jonathan  Hoppe 

CTO,  Netriplex 

money  into  their  algorithms,  but  they 
don’t  work  around  the  clock  to  perfect 
them,”  Hoppe  says. 

Spam  weeders 

Netriplex’s  technology  acts  like  human 
beings  weeding  spam  messages  out  of 
their  in-box,  Hoppe  says.“When  you  sit  in 
front  of  your  in-box  each  morning,  you 
know  exactly  which  [messages]  are 
spam  by  who  it’s  from  and  the  subject 
line,”  he  says.“We’ve  really  finally  grasped 
that." 

“It  sounds  too  good  to  be  true,” says  Matt 
Cain,  an  analyst  at  Meta  Group,  adding 
that  it’s  difficult  for  computers  to  emulate 
human  beings  when  deciding  what  spam 
is  because  people  have  different  defini¬ 
tions  of  what  they  consider  unwanted 
e-mail. 


“I  wouldn’t  say  [what  Netriplex]  is 
doing  is  technically  impossible,  but  no 
one  else  has  done  it.” 

One  practice  that  Hoppe  says  sets 
Netriplex  apart  from  other  anti-spam  ser¬ 
vice  providers,  such  as  FrontBridge  and 
Postini,  is  when  its  service  is  only  99% 
sure  that  a  message  is  spam,  a  set  of  man¬ 
ual  filters  are  applied  to  make  a  final 
determination.  It  can  take  up  to  30  sec¬ 
onds  to  apply  these  additional  filters  on 
each  questionable  message,  which  repre¬ 
sent  less  than  1%  of  all  messages 


received. 

However,  Hoppe  admits  the  service  like¬ 
ly  will  misidentify  some  obscure  newslet¬ 
ters  as  spam.  He  added  that  a  company’s 
e-mail  administrator  or  users  could  lever¬ 
age  the  included  management  tools  to 
add  such  newsletters  to  whitelists  of 
e-mails  that  should  never  be  blocked. 

Pricing  for  the  Netriplex  E-mail 
Management  Solution  starts  at  $59  per 
month  for  inbound  scanning  of  up  to 
35,000  messages.  Additional  messages 
beyond  the  35,000  limit  cost  $2  for  every 
thousand.  For  larger  companies,  prices 
start  at  $199  per  month  for  up  to  100,000 
inbound  and  100,000  outbound  mes¬ 
sages,  with  additional  inbound  messages 
costing  $1.75  per  1,000  messages  and  out¬ 
bound  messages  priced  at  75  cents  per 
1 ,000  messages.  ■ 


fclA  lot  of  our  competition  puts  money  into 
their  algorithms,  but  they  don’t  work  around 
the  clock  to  perfect  them.! 9 
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Goodbye,  Cisco;  hello,  Procket 


Six  months  after  losing  its 
CEO,  router  start-up  Procket 
Networks  has  landed  a  new 
one:  Roland  Acra,  formerly 
Cisco  s  senior  vice  president 
and  Service  Provider  CTO. 

Acra,  who  reported  to  Cisco 
Chief  Development  Officer 
Mario  Mazzola, jumps  to 
Procket  as  Cisco  keeps  the  industry  waiting 
for  its  next-generation  high-end  router  and 
operating  system.  On  his  first  day  at  his  new 
job,  Acra  shared  some  thoughts  with  Net¬ 
work  World  Managing  Editor  of  The  Edge 
Jim  Duffy. 

What  attracted  you  to  Procket? 

The  team,  first  and  foremost.  It’s  a  great  bunch  of  peo¬ 
ple,  a  very  very  strong  networking  team.  A  great  tech¬ 
nology,  great  products  that  are  out  there  shipping.  All  of 
the  technology  risk  was  now  removed  from  the  prod¬ 
uct  despite  the  very  cutting-edge  nature  of  what  has 
gone  into  the  product  in  terms  of  silicon  innovation 
and  next-generation  operating  system  structures. 

The  timing  was  right. Over  the  next  12  to  18 
months  there  will  be  an  upswing  in  the  market  for 
high-end  routers.  So  being  there  now  and  building 
the  sales  momentum  and  focusing  on  the  sales 
effort  is  good  timing. 


How  did  you  view  Procket  while  you  were  working  at  Cisco? 

I  had  the  view  that  they  had,  by  far,  the  best  avail¬ 
able  technology  on  the  market  today  So  when  it 
came  to  technology  edge  —  in  terms  of  perfor¬ 
mance,  density,  structural  reliability,  in  terms  of  what 
software  and  hardware  architecture  underlies  the 
product  —  the  level  of  silicon  integration  and  inno¬ 
vation  is  absolutely  unique.This  is  not  a  feature 
which  somebody  else  can  do  in  60  days  and  say, ‘me 
too.  I’ve  got  it  now.’ 

Just  about  everyone  I  have  talked  to  [at  Procket]  is 
the  best  that  there  is  in  the  industry  —  the  software 
folks,  the  hardware  folks,  the  architects. 

Is  Procket  doing  anything  technologically  that  Cisco  should 
emulate? 

Procket  [which  was  founded  in  1999]  is  building 
its  product  on  a  few  key  premises,  which  Are  going 
to  be  the  definition  of  what  next-generation  routers 
are  about:  One  is  a  very  advanced  level  of  silicon 
integration,  and  a  combination  of  speed  and  feature 
capability  The  integration  is  important  because 
through  the  integration  into  custom  chips,  you  get  a 
lot  of  savings  passed  on  to  the  customer. You  get  a 
lower  price  point  because  of  your  cost  of  goods 
reduction;  you  get  lower  power  dissipation;  you  get 
better  density  and  space  usage.  And  then  the  ability 
to  have  feature  programmability  at  the  same  time  as 
wire-speed  performance  means  that  you’re  protected 
against  any  new  demand  your  network  will  place  on 
you  in  the  future. 

On  the  software  side,  where  Procket  has  written  the 


book  is  in  developing  the  most  modular  and  cleanly 
designed  operating  system. The  compartmentaliza- 
tion  of  the  different  protocols  makes  for  not  only  a 
very  reliable  system,  but  also  for  the  best  cycles  of 
time  to  bug  fix,  add  new  functionality,  or  reduce 
downtime  every  time  you’re  considering  a  planned 
event  on  the  network  —  such  as  an  upgrade  —  or 
an  unplanned  event,  such  as  a  bug  that  you  need 
to  address. 

Did  any  frustration  at  Cisco  with  either  the  pace  of  tech¬ 
nology  development  or  organizational  structure  prompt 
you  to  leave? 

No,  my  leaving  was  entirely  a  pull  model  as  opposed 
to  a  push.  I  didn’t  leave  as  much  as  I  came  to  Procket. 

It  has  been  reported  that  one  of  the  challenges  internally 
at  Procket  is  in  working  with  the  founders,  including  Chief 
Scientist  Tony  Li.  How  closely  did  you  work  with  Li  when 
the  two  of  you  were  at  Cisco? 

I  worked  with  him  a  lot  back  when  1  was  with 
Cisco  in  Europe.  I  was  building  the  technical  field 
organization  at  the  time.  So  I  was  facing  the  cus¬ 
tomers,  designing  IP  backbones  and  [Border  Gate¬ 
way  Protocol]  routing  designs,  and  Tony  would  be 
one  of  the  guys  who  would  be,  despite  nine  hours  of 
difference,  on  his  e-mail  answering  my  questions  and 
helping  me  through  it.  We  stayed  great  friends  since 
then  and  he  was,  by  the  way,  one  of  the  initial  folks 
who  felt  me  out  and  approached  me  about  Procket 
to  see  if  I  was  interested.  I’m  very  excited  to  be  back 
working  with  him.® 


DISA  names 
winning  bidders 

■  BY  JIM  DUFFY 

The  Defense  Information  Systems 
Agency  has  announced  the  winning  bid¬ 
ders  for  the  agency’s  Global  Information 
Grid-Bandwidth  Expansion  network. 

GIG-BE  is  a  $900  million  effort  to  upgrade 
DISAs  network  with  optical,  Ethernet  and 
enhanced  security  technologies. 

Under  “indefinite-delivery,  indefinite- 
quantity”  subcontracts  to  prime  contractor 
SA1C,  Ciena  will  supply  GIG-BE’s  optical 
transport  systems;  Sprint  and  Sycamore 
Networks  will  provide  optical  digital  cross¬ 
connects;  Juniper  will  supply  edge  and 
core  routers;  and  Qwest  and  Cisco  have 
won  the  multi-service  provisioning  plat¬ 
form  piece  of  the  contract.  ■ 


■  Industry  heavyweights  have  joined  to 
define  a  standard  for  sending  high-speed 
data  and  video  traffic  over  existing  coax¬ 
ial  cable  that  connects  to  televisions  in 
most  homes.  Cisco,  Comcast, 
EchoStar,  Matsushita  Electric, 
RadioShack  and  Toshiba  have  formed 
the  Multimedia  Over  Cable  Alliance 
to  work  on  the  specification.  The  alliance 
is  building  on  technology  from  start-up 
Entropic  Communications  to  develop 
a  standard  that  is  expected  to  support 
transmission  rates  from  100M  to  270M 
bit/sec.  Competing  technologies  would 
include  Wi-Fi  and  those  designed  to 


exploit  existing  phone  and  power  lines. 

■  Broadband  equipment  maker  Red- 
back  Networks  last  week  announced 
it  has  exited  from  Chapter  11  bank¬ 
ruptcy  protection,  having  shed  approxi¬ 
mately  $467  million  of  its  existing  debt 
and  eliminated  $44  million  from  its 
expense  model.  The  company,  which 
was  founded  in  1996,  announced  plans 
in  November  to  restructure  itself 
under  Chapter  11  after  a  third-quarter 
loss  of  $18.1  million. 

■  Advanced  Fibre  Communications 

last  week  said  it  signed  a  definitive 
agreement  to  acquire  Marconi's  North 
American  Access  business  unit  for 
$240  million.  The  deal  expands  AFC’s 


optical  access  portfolio  with  Fiber-to- 
the-Curb  and  digital-loop  carrier  equip¬ 
ment.  AFC  already  sells  Fiber-to-the- 
Premises  equipment,  such  as  central- 
office  and  premises  optical  electronics 
gear  known  as  “active"  elements. 

■  SBC  last  week  acquired  privately 
held  network  consulting  company 
Callisma  in  an  effort  to  broaden  its 
managed  service  portfolio  for  enter¬ 
prise  networks.  Terms  of  the  deal  were 
not  disclosed.  Callisma  has  125  employ¬ 
ees,  all  of  whom  will  be  retained  by 
SBC,  says  a  spokesman  for  the  carrier. 
SBC  recently  stated  plans  to  bolster  its 
presence  in  enterprise  networks  as  it 
gains  approval  to  offer  long-distance 
services  throughout  its  region. 
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Great  Moments  at  Work. 

2:21  pm  No  one  accosts  you  on  way 
to  laser  printer  asking  for  help  updating 
corporate  forms  for  Tokyo  office. 
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Introducing  the  new  Microsoft  Office  System, 

Now  users  can  do  more  for  themselves  so  you  can  focus 
on  the  important  things.  More  than  just  the  core  suite 
you're  familiar  with,  the  new  Microsoft^  Office  System  is 
an  integrated  system  of  easy-to-use,  expanded  programs, 
servers,  services,  and  solutions  that  help  end  users  be 
more  self-sufficient.  With  Microsoft  Office  InfoPath™  2003, 
customer  defined  XML  and  web  services,  and  Microsoft 
Office  SharePoint™  Portal  Server  2003,  users'  documents 
and  forms  can  be  automatically  updated  with  the  latest 
information.  So  now  everyone  knows  they  have  the  most 
current  version,  minimizing  rework  and  data  reentry. 

And  less  busywork  for  them  means  even  less  busywork 
for  you.  To  find  out  how  the  Microsoft  Office  System 
can  work  for  you,  go  to  microsoft.com/officelT 


Microsoft  More  than  what  it  used  to  be,  it's  now  a 

Office  System  comprehensive,  customizable  system 


Servers 


Programs 

Access  2003 
Excel  2003 
FrontPage®  2003 
InfoPath™  2003 
OneNote™  2003 
Outlook®  2003 


PowerPoint®  2003 
Project  2003 
Publisher  2003 
Visio®  2003 
Word  2003 


Project  Server  2003 

Live  Communications 
Server  2003 


SharePoint™  Portal 
Server  2003 


Services 

Live  Meeting 
Office  Online 

Solutions 

Solution  Accelerators 


Exchange 
Server  2003 


Enabling  Technologies: 

Windows  Server™  2003,  Windows®  SharePoint  Services, 
Rights  Management  Services 
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2003:  A  forecasting  report  card 


Once  a  year,  we  pundits  earn  our 
chops  by  reviewing  the  predictions 
we  made  last  year  and  seeing  how 
well  they  stood  up.  Here  goes. 

Prediction  No.  1:  The  Bells  win  on 


unbundled  network  element  pricing. 

Actual  result:  Pretty  much.FCC  Chairman 
Michael  Powell’s  decision  pleased  no  one 
—  it  didn’t  allow  for  totally  unbundled 
rates  but  pushed  the  regulatory  job  back 
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FEEL  THE  EFFECT 

You  are  cordially  invited  to  attend  DEMO  2004. 

Launchpad  for  the  world's  emerging  technology. 

Where  the  latest,  most-promising  innovations  are  unveiled  by  the  men  and  women 
who  created  them.  At  the  one  event  with  the  power  to  turn  innovations  into 
technology.  Technology  into  ventures.  Ventures  into  businesses.  Geeks  into  gods. 

Famous  as  the  place  where  the  Palm  was  introduced.  Where  advanced  WiFi 
sprang  to  life.  Where  TiVo  went  from  an  idea  to  a  verb. 

Insiders  say  there's  something  in  the  air  at  DEMO.  That  somehow  the  alchemy 
of  innovators  and  the  intrigue  of  venture  capitalists  -  the  dance  of  entrepreneurs 
and  the  ambitions  of  corporations  -  the  attention  of  a  worldwide  press  and  the 
appraisal  of  powerful  peers  -  all  combine  and  conspire  and  combust  to  produce 
the  three  most  electrifying  days  in  technology  each  year. 

AND  YOU  CAN  BE  THERE,  TO  SEE  AND  BE  SEEN. 

9  $2,595  gets  you  in  on  everything.  So  register  now. 
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on  the  states,  supporting  the  Bells’ strangle¬ 
hold  on  competition. 

Predicted  corollary  effect:  Tepid  growth 
for  the  Lucents  and  Nortels  in  2003. 

Actual  result: Yep.  Both  companies, in  fact, 
experienced  modest  growth  for  most  of 
the  year,  rising  strongly  toward  year-end. 

Prediction  No.  2:  There  will  be  at  least 
one  more  high-profile  bankruptcy  or 
merger  in  the  telecom  market. 

Actual  result:  Tough  call.  I  can  claim  the 
point  on  a  technicality,  because  Cable  & 
Wireless’  U.S.  operations  entered  bankrupt¬ 
cy  last  month,  ending  the  U.K.  provider’s 
dreams  of  becoming  a  true  global  player 
and  marking  the  demise  of  the  high-profile 
hosting  facilities  Exodus  and  Digital  Island 
(both  of  which  C&W  had  acquired).  But 
the  bigger  trend  was  the  news  of  carriers 
on  the  mend,  with  both  Global  Crossing 
and  MCI  finally  emerging  from  Chapter  11. 
I’ll  award  myself  the  point, but  note  that  the 
situation  has  definitely  improved. 

Prediction  No.  3:  Spending  will  rebound 
slightly . .  .This  trend  favors  Cisco  and  other 
packet  technology  providers. 

Actual  result:  Solid  hit.  Cisco’s  stock 
started  on  a  consistent  upward  trajectory 
in  April  and  had  more  than  doubled  by 
year-end.  No  surprise:  Carriers  and  corpo¬ 
rations  have  told  me  they  plan  to  increase 
their  investment  in  packet  technology. 

Prediction  No.  4:  VoIP  continues  to  make 
slow  and  steady  gains  in  corporations. . . . 
Folks  begin  to  reap  savings  because  of 
lower  moves-adds-changes  costs. 

Actual  result:  Yeah,  baby!  The  only  word 
I’d  quibble  with  in  hindsight  is  “sloW  IT 
executives  are  beginning  to  deploy  IP  tele¬ 
phony  en  masse  —  more  than  80%  of  folks 
we  spoke  to  in  a  recent  Nemertes  bench¬ 
mark  said  they  had  either  rolled  it  out  or 
were  planning  to  shortly  —  and  we  now 
have  solid  data  demonstrating  hard-dollar 
savings  in  operational  cost  reduction. 
(Check  out  our  findings  at  Network  World’s 
upcoming  VoIP  Technology  Tour  at 
www.nwfusion.com,  DocFinder:  9237.) 

Prediction  No.  5:  Wireless  continues  to 
boom,  but  nobody  figures  out  how  to  make 
money  on  it. 

Actual  result:  Another  solid  hit.  Roughly 
three-quarters  of  IT  executives  who  partici¬ 
pated  in  a  recent  Nemertes  benchmark 
indicated  they’d  already  deployed  Wi-Fi, 
and  another  18%  said  they  planned  to. 
Only  8%  said  they  had  no  plans  to  do  so. 
And  we’re  beginning  to  capture  good, hard- 
dollar  data  on  how  these  deployments  are 
increasing  their  companies’  productivity 

Prediction  No.  6:  Both  the  Bells  and  the 
cable  companies  continue  to  miss  the  boat 
on  the  emerging  home  networking  market. 

Actual  result:  Well,  yeah.  But  betting  on 
telco  (and  cable  company)  cluelessness  is 
always  safe. 

Stay  tuned  for  my  2004  predictions. 
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Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  a  leading  inde¬ 
pendent  technology  research  firm.  She  can 
be  reached  at  johna@nemertes.com. 


SMI-S  unifies  SAN  management 


BY  TONY  DICENZO 


HOW  IT  WORKS 


SMI-S 

The  Storage  Management  Initiative  Specification 
simplifies  the  complexity  of  managing  storage  networks. 
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Service  Location  Protocol  TCP/IP 


CIM-XML  over  HTTP  over  TCP/IP 
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Proxy  model 


O  Through  the  use  of  a  lock  manager,  clients  will  be  assured  their 
actions  are  isolated  from  changes  by  other  client  operations. 

O  Components  take  on  the  role  of  a  requester  or  provider  of  CIM-formatted  information. 

0  A  CIM  object  manager  provides  management  information,  possibly  from  multiple  devices. 

G  Agents  extract  CIM  information  from  devices  and  provide  it  upon  request. 

©  SMI-S  uses  the  protocol  stack  of  CIM-XML,  which  runs  over  HTTP,  which  in  turn  is  carried  over  TCP/IP. 


Storage  management  is  taking  a  major 
step  forward  with  completion  of  the  first 
version  of  the  Storage  Networking  In¬ 
dustry  Association  s  Storage  Management 
Initiative  Specification. 

Until  now,  network  managers  looking 
after  multivendor  storage-area  networks 
(SAN)  have  required  a  range  of  indepen¬ 
dent  management  applications,  devel¬ 
oped  by  a  number  of  different  vendors 
and  tied  to  multiple  hardware  manage¬ 
ment  APIs,  to  keep  their  systems  running 
effectively  SMI-S  is  the  first  step  in  SNIAs 
effort  to  ensure  that  all  storage  systems 
will  work  together. 

SMI-S  is  essentially  middleware  that  sits 
between  managed  objects  and  managed 
applications.  For  storage  network  man¬ 
agers,  six  features  of  SMI-S  will  dramati¬ 
cally  simplify  SAN  management: 

•  One  common  data  model:  SMI-S  is 
based  on  Web  Based  Enterprise  Manage¬ 
ment  (WBEM)  technology  and  the  Com¬ 
mon  Information  Model  (CIM).  SMI-S 
agents  interrogate  a  device,  such  as  a 
switch,  host  or  storage  array;  extract  the 
relevant  management  data  from  CIM- 
enabled  devices;  and  provide  it  to  the 
requester. 

•  Interconnect  independence:  SMI-S 
eliminates  the  need  to  redesign  the  man¬ 
agement  transport  and  lets  components 
be  managed  using  in-band  or  out-of-band 
communications,  or  a  mix  of  the  two. 
SMI-S  offers  further  advantages  by  speci¬ 
fying  the  CMI-XML  over  HTTP  protocol 
stack  and  utilizing  the  lower  layers  of  the 
TCP/IP  stack,  both  of  which  are  ubiqui¬ 
tous  in  today’s  networking  world. 

•  Multilayer  management:  SMI-S  has 


been  developed  to  work  with  server- 
based  volume  managers,  RAID  systems 
and  network  storage  appliances,  a  combi¬ 
nation  most  storage  environments  cur¬ 
rently  employ 

•  Legacy  system  accommodation: 

SMI-S  has  been  developed  to  incorpo¬ 
rate  the  management  mechanisms  in 
legacy  devices  with  existing  proprietary 
interfaces  through  use  of  a  proxy  agent. 
Other  devices  and  subsystems  also  can 


be  integrated  into  an  SMI-S  network 
using  embedded  software  or  a  CIM 
object  manager. 

•  Automated  discovery:  SMI-S-compli- 
ant  products  announce  their  presence 
and  capabilities  to  other  constituents. 
Combined  with  the  automated  discov¬ 
ery  systems  in  WBEM  to  support  object 
model  extension,  this  will  simplify  man¬ 
agement  and  give  network  managers  the 
freedom  to  add  components  to  their 


SAN  more  easily. 

•  Policy-based  management:  SMI-S 
includes  object  models  applicable  across 
entire  classes  of  devices,  which  lets  SAN 
managers  implement  policy-based  man¬ 
agement  for  entire  storage  networks. 

SMI-S  offers  substantial  benefits  to  users 
and  vendors.  With  SMI-S,  developers  have 
one  complete,  unified  and  rigidly  speci¬ 
fied  object  model,  and  can  turn  to  one 
document  to  understand  how  to  manage 
the  breadth  of  SAN  components.  Manage¬ 
ment  application  vendors  are  relieved  of 
the  tedious  task  of  integrating  incompati¬ 
ble  management  interfaces,  letting  them 
focus  on  building  management  engines 
that  reduce  cost  and  extend  functionality. 
And  device  vendors  are  empowered  to 
build  new  features  and  functions  into 
subsystems. 

SMI-S-compliant  products  will  lead  to 
easier,  faster  deployment  and  accelerated 
adoption  of  policy-based  storage  man¬ 
agement  frameworks. 

A  test  suite  developed  by  the  SNIA  will 
certify  compliance  of  hardware  compo¬ 
nents  and  management  applications  with 
the  specification.  Certified  components 
also  will  be  subjected  to  rigorous  interop¬ 
erability  testing  in  an  SMI  laboratory 

SMI-S  is  being  submitted  to  the  ANSI's 
International  Committee  for  IT  Standards 
and  is  expected  to  receive  a  blessing 
from  these  organizations  next  quarter. 

DiCenzo  is  director  of  industry  marketing 
at  Brocade  Communications  Systems.  He 
also  is  a  member  of  the  board  of  directors 
of  the  Storage  Networking  Industry 
Association  and  vice  chair  of  the  Storage 
Management  Initiative.  He  can  be  reached 
at  tdicenzo@brocade.com. 


Dr.  Internet 


By  Steve  Blass 


Can  I  share  one  of  my  Windows  applications  from 
an  XP  workstation  with  other  Windows  computers 
over  the  IntemetP 

One  way  to  do  this  is  to  use  the  Remote  Desktop 
features  in  Windows  XP  by  enabling  the  “Allow 
other  users  to  connect  to  this  computer"  feature 
under  the  Remote  tab  of  the  System  applet  found 
in  the  Control  Panel.  Then  Windows  computers 
with  the  remote  desktop  client  can  connect  and 


log  on  to  your  XP  machine  over  the  network.  You 
can  download  the  client  software  for  older  ver¬ 
sions  of  Windows  by  going  to  www.nwfusion.com, 
DocFinder:  9234.  Once  installed,  you  will  find  the 
remote  desktop  client  under  the  Communications 
section  of  the  Accessories  menu.  Another  way  is 
to  usetheVNC  package,  available  at  DocFinder: 
9235,  under  the  GNU  public  license.  To  connect  to 
the  remote  desktop  with  either  method,  run  the 
client  application  and  enter  the  remote  host  name 


or  IP  address.  Once  logged  on,  you  have  a  copy  of 
the  remote  desktop  in  a  window  on  your  PC.  VNC 
offers  cross-platform  support.  A  browser-based 
offering  is  available  from  DocFinder:  9236,  which 
delivers  the  remote  desktop  connection  through  a 
standard  HTTPS  SSL  connection. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@change 
atwork.com. 


QoS  is  Only  Part  of  the  Solution 


By  Larry  Stein 

When  it  comes  to  managing  application 
performance  over  a  wide  area  network 
(WAN),  IT  managers  face  conflicting 
demands  from  end  users  and  upper  man¬ 
agement.  End  users  need — and  demand — 
fast  response  times.  At  the  same  time, 
CIOs  must  live  within  existing  budgets  and 
WAN  spending  is  already  one  of  the  top 
three  items  in  a  typical  IT  budget.  And  as 
companies  become  more  global,  applica¬ 
tions  such  as  ERR  VoIP  and  storage  over  IP 
are  landing  on  the  WAN — placing  even 
greater  burdens  on  existing  capacity. 


Key  QoS  Components* 

•  Next  Generation  compression  increas¬ 
ing  WAN  capacity 

•  Essential  QoS  to  prioritize  traffic  and 
allocate  bandwidth 

•  TCP  optimization  to  accelerate  applica¬ 
tion  response  times 


“We  talk  to  many  companies  in  the 
global  2000,  and  every  one  of  them 
have  constrained  WANs,”  says  Peter 
Firstbrook,  a  senior  research  analyst  at 
META  Group.  “It’s  imperative  to  do  some 
sort  of  QoS,  mostly  at  the  border  of  the 
LAN  and  the  WAN.” 


Traditional  QoS  solutions  make  the 
most  of  limited  WAN  capacity  by 
prioritizing  one  application  ahead  of  anoth¬ 
er.  These  solutions  do  not  create  more 
capacity  but  rather  ration  the  existing 
resource  according  to  set  prioritization 
rules.  As  a  result,  the  software  creates 
’winner’  and  loser’  applications,  resulting 
in  performance  degradation  for  the  latter 
class,  along  with  user  unhappiness. 

"It’s  not  just  a  technical  problem,  it’s  a 
business  level  problem,”  points  out 
Firstbrook.  “Which  application  owner  is 
going  to  stand  up  and  say,  ‘Squash  me, 
everybody  else  is  more  important  than 
my  application?” 

A  new  approach  to  QoS  is  embodied 
by  companies  such  as  Peribit  Networks, 
which  combine  next-generation  data 
compression  technology  with  QoS  prioriti¬ 
zation  software.  “I’m  bullish  on  the 
technology — I  think  it’s  good,”  says 
Firstbrook.  “One  of  the  reasons  I  do  like 
companies  with  this  technology  is  because 
they  create  bandwidth.” 

Peribit  breaks  the  traditional  limitations 
of  QoS  solutions  by  providing  both  dramat¬ 
ically  increased  network  capacity  and  then 
easily  managing  this  new  found  bandwidth 
to  support  optimal  application  perform¬ 
ance.  The  result:  Businesses  can  get 
more  work  done,  faster.  And  that’s  truly 
the  bottom  line. 


On  The  Front  Tine  With  QoS 

As  CTO  of  law  firm  Fenwick  &  West 
LLP,  Matt  Kesner  understands  the 
need  to  provide  far-flung  operations 
with  technology  that  allows  them  to 
reach  peak  performance.  For  Kesner, 
this  translates  into  making  sure  that 
he  can  provide  optimal  application 
performance  across  all  five  office 
locations  scattered  across  the  United 
States. 

Fenwick  &  West  maintains  a  docu¬ 
ment  library  system  with  27  terabytes 
of  information  essential  for  law 
research.  Unfortunately,  this  applica¬ 
tion  was  a  bandwidth  hog  for  branch 
office  users,  who  tended  to  open  a 
connection  and  leave  it  open  all  day. 
Moreover,  all  email  was  routed 
through  the  main  office  to  branch 
locations,  which  clogged  WAN  traffic 
further. 

“Our  applications  generated  signifi¬ 
cant  traffic  loads  utilizing  all  of  our 
existing  network  capacity,”  says  Kesner. 

“We  faced  an  expensive  network 

V  - 

upgrade.” 

Kesner  was  just  about  to  bite  the 
bullet  and  upgrade  to  a  DS3  connec¬ 
tion  when  he  heard  about  Peribit 
Networks,  a  Santa  Clara,  Calif.-based 
company  that  makes  next  generation 
data  compression  and  Quality  of 
Service  (QoS)  appliances.  “We  decided 
to  try  it  out,  and  we’ve  been  using 
it  ever  since.  Peribit  does  a  great  job 
for  us,”  he  says.  “We  get  about  6.5 
times  more  capacity  than  we  would 
otherwise,  as  well  as  the  ability  to 
closely  manage  traffic  types  like  web 
browsing.” 


To  learn  more  about  QoS 
and  bandwidth  optimization, 
go  to 

www.peribit.com/qos 

Sponsored  by  Peribit  Networks 


Breaking  the  QoS  Zero  Sum  Game 

Next  generation  compression  creates  additional  WAN  capacity  allowing  essential  QoS 
features  to  prioritize  traffic  without  compromising  application  performance.  This  new-found 
capacity  eliminates  the  winner-loser  tradeoffs  associated  with  traditional  QoS  solutions. 


VoIP 


Capacity  Gam 


L4xJ 


Visit:  www.peribit.com/nww  or  call  866.737.4248  to  learn  more 


INSTANT  WAN  CAPACITY 


peribit 

INSTANT  WAN  CAPACITY 


RESULTS: 

Peribit  increases  WAN  capacity 
up  to  10  times  allowing  your 
existing  network  to  support  more 
users,  sessions  and  applications. 
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ERIBIT  BREAKS  TR 


Peribit  breaks  the  traditional  limitations  of  QoS 
solutions  by  providing  both  dramatically  increased 


network  capacity  and  easy  management  of  this  new¬ 
found  bandwidth  to  support  optimal  application 
performance.  The  Result:  Businesses  get  more  work 
done  without  increasing  carrier  spending. 

And  that’s  not  a  let  down. 


Percent  of  Traffic  by  Application 
{Typical  Customer  Results! 
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Happy  New  Free  Tools 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


Here  we  are,  just  having  crossed  the 
threshold  of  a  new  year  — 
renewed,  re-inspired  and  dreaming 
of  the  Nasdaq  hitting  anything  north  of 
4,000.  Before  we  launch  into  our  first 
geeky  topic  of  2004,  wed  like  to  ask  you 
for  some  feedback  and  guidance. 

In  all  the  reader  surveys  Network  World 
has  conducted,  Gearhead  has  consistently 
scored  very  high. This,  we  conclude,  means 
that  we  are  doing  something  right.  But  we 
want  to  ensure  that  we  carry  on  this  win¬ 
ning  streak, so  wed  like  you  to  write  in  and 
tell  us  what  you  want  us  to  cover. 

Do  you  want  more  overviews  of  network 
and  related  technologies,  or  do  you  want 
more  detailed  bits  and  bytes  about  what 
goes  on  under  the  hood?  Do  you  want  to 
see  more  programming-type  tutorials? 
What  technologies  would  you  like  to  see 
us  examine?  Do  you  want  more  product 
reviews?  And  with  the  increasing  use  of 
Linux,  would  you  like  to  see  more  discus¬ 
sion  of  the  system’s  details  and  tech¬ 


niques  and  related  products? 

Please  drop  us  a  line  to  let  us  know  what 
is  on  your  plate  and  on  your  mind. 

Email  Extractor 

To  begin  this  week  we  have  a  neat  free¬ 
ware  tool  written  in  JavaScript  called 
Email  Extractor  Lite  (details  at  www.nw 
fusion.com,  DocFinder:  9238)  written  by 
Benjamin  Leow.  The  tool,  which  requires 
Microsoft’s  Internet  Explorer  4+,  is  used  to 
strip  out  e-mail  addresses  from  blocks  of 
text,  removing  duplicates  and  returning 
the  addresses  in  a  comma-separated  list 
(you  can  specify  the  use  of  any  separator 
you  like). 

The  script  is  embedded  in  a  Web  page 
that  you  save  and  load  from  a  server  or 
your  local  drive.  You  simply  paste  the 
input  text  block  into  one  field,  select  the 
options  you  want,  click  on  the  extract  but¬ 
ton  and  copy  the  result  from  the  output 
window.  The  total  number  of  extracted 
addresses  are  displayed,  and  you  can 
group  addresses  in  blocks  of  whatever 
number  you  like,  with  each  group  separat¬ 
ed  by  a  new  line.  You  can  even  have  the 
addresses  sorted  alphabetically  and 
optionally  extract  only  addresses  that  con¬ 
tain  specific  text. 

All  this  in  a  2.87K-byte  download!  We 


used  it  to  create  an  address  list  from 
almost  6,000  messages  stored  in  an 
Outlook  folder.  We  exported  the  messages 
as  a  text  file,  opened  the  resulting  6M-byte 
file  with  Windows  Notepad,  copied  the 
first  megabyte  of  text  from  the  file  and 
pasted  it  into  Email  Extractor  Lite.  You 
have  to  limit  the  amount  of  text  you  place 
in  the  input  field  or  ugly  locking-up  things 
can  happen  under  Windows. 

We  pasted  the  results  into  another  Note¬ 
pad  file  and  repeated  the  process  five 
times  until  we’d  processed  all  the  text.  We 
then  copied  all  the  extracted  text  back 
into  Email  Extractor  Lite  and  processed  it 
again  to  remove  any  duplicates  that  might 
exist  because  of  breaking  the  original  file 
into  several  parts.  We  wound  up  with  a  list 
of  785  unique  addresses  totaling  about 
19K  bytes. 

Note  that  when  you  run  Email  Extractor 
Lite  with  any  sizable  amount  of  text, 
Windows  will  most  likely  announce  that  “A 
script  on  this  page  is  causing  Internet 
Explorer  to  run  slowly  If  it  continues  to 
run,  your  computer  may  become  unre¬ 
sponsive.  Do  you  want  to  abort  the  script?” 
And  it  is  true  —  on  our  1.8-GHz  Pentium  4 
based  machine  running  Windows  XI? pro¬ 
cessing  3M  bytes  of  text  pushed  the  CPU 
utilization  to  100%  for  so  long  that  our 


clothes  were  going  out  of  style. 

The  Yak 

We  also  stumbled  across  another  very 
cool  tool:  the  Yak  (see  DocFinder:  9239), 
possibly  the  best  Java-based  button  applet 
we’ve  ever  seen. 

This  7K-byte  applet,  which  is  used  to  pre¬ 
sent  sexy  animated  buttons  on  Web  pages, 
is  incredibly  powerful. You  can  configure 
it  to  always  show  a  sequence  of  images  or 
do  so  only  on  mouseover  or  mouseout. 
You  can  use  up  to  100  images  and  set  the 
animation  speed.  And  you  can  create  a 
button  that  uses  only  a  single  image  or 
one  that  presents  a  traditional  two-state 
toggle  animation. 

The  Yak  also  supports  sound,  allows  for 
various  layout  presentation  styles  and  lets 
you  select  text  font  and  style  specifica¬ 
tions.  When  the  button  is  clicked  it  can 
load  the  link  in  the  same  window,  a  new 
window  or  a  frame.  And  it  is  fast!  The  ani¬ 
mations  are  smooth,  the  sound  delivery 
clean,  and  it  works  with  both  Netscape 
and  Internet  Explorer. 

And  did  we  mention  it  is  free?  What  a 
great  utility! 

Come  on ,  tell  us  what  you  want  at  gear- 
head@gibbs.  com. 


lool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


RIM  adds  speakerphone  to  BlackBerry 


The  BlackBerry  7510 
comes  with  Nextel's 
walkie-talkie  feature. 


Research  in  Motion  and  Nextel  last  week  launched  the 
latest  BlackBerry  handheld.  The  BlackBerry  7510  in¬ 
cludes  a  high-resolution  color  screen,  access  to  one  or 
multiple  corporate  and  personal  e-mail  addresses,  built- 
in  cell  phone,  built-in  speakerphone,  personal  organizer 
and  Web  browser.  It  also  includes  Nextel’s  Nationwide 
Direct  Connect  walkie-talkie  feature,  and  supports  appli¬ 
cations  built  with  Java  2  Micro  Edition.  Other  supported 
features  include  cradle-free 
wireless  e-mail  synchroniza¬ 
tion  and  integrated  e-mail 
attachment  viewing  (Word, 

Excel,  PowerPoint,  PDE 
WordPerfect  and  ASCII  file 
formats). 

The  device  supports  16M 
bytes  of  flash  memory  and 
2M  bytes  of  SRAM; 
includes  a  rechargeable 
and  removable  lithium 
battery;  has  an  optional 
extended  battery;  and  con¬ 
nects  to  a  PC  via  USB  port. 

Nextel  is  selling  the  device 
for  about  $350,  with  data 
service  plans  starting  at 


about  $40  per  month  and  optional  voice 
plans  with  varying  prices.  For  more 
details,  go  to  www.nextel.com/black- 
berry. 

Fujitsu  launches  new  Tablet  PC 

Fujitsu’s  Computer  Systems 
division  last  week  began  ship¬ 
ping  its  newest  tablet. 

The  Stylistic  ST5000  Tablet 
PC  is  a  slate-style  version 
that  has  higher  per¬ 
formance,  security 
and  screen  enhance¬ 
ments,  the  company 
says. 

The  tablet  has  a 

12.1-inch  XGA  display,  weighs  less  than 
four  pounds  and  is  less  than  1  inch  thick.  It  is  pow¬ 
ered  by  an  Ultra  Low  Voltage  Intel  Pentium  M  processor 
and  includes  a  standard  battery  that  should  offer  up  to 
five  hours  of  computing  time.  An  optional  high-capac¬ 
ity  battery  will  offer  up  to  eight  hours  of  battery  life, 
Fujitsu  says. 

The  tablet  also  has  a  Gigabit  Ethernet  LAN  port 
(10/100/1000  Base-T/TX)  for  fast  network  connectivity 
and  comes  with  an  option  for  wireless  802.1  la,  b  and  g 
connections.  The  device  features  a  dedicated  Smart 
Card  reader  for  security,  and  a  built-in  Memory  Stick/ 
Secure  Digital  media  slot  for  media-card  storage.  Other 
features  include  256M  bytes  of  SDRAM  (up  to  2G  bytes 
possible),  a  40G-  or  60G-byte  hard  drive,  a  Type  I  orType 
II  PC  Card  slot,  two  USB  2.0  ports,  an  IEEE  1394  port 
and  integrated  dial-up  modem.  The  tablet  runs 
Windows  XP  Tablet  PC  Edition  and  includes  the  Office 
OneNote  2003  application.  The  ST5000  is  priced  start¬ 
ing  at  about  $2,050  through  Fujitsu’s  direct  sales  force, 
Web  site  and  channel  partners. 


Fujitsu's  latest  Tablet  PC 
has  a  brighter,  12.1-inch 
XGA  display. 

View  digital  photos  on  a 
better  screen 

Epson  last  week  announced 
the  P-1000  portable  hard  drive 
and  image  viewer  that  lets  digital 
photographers  view  photos  on  a 
3.8-inch  color  LCD  screen  (VGA  res¬ 
olution).  In  addition,  users  can  store 
up  to  10G  bytes  of  photos  on  the 
device,  which  then  can  connect  and 
print  directly  to  several  Epson  printers, 
the  company  says.  The  P-1000,  expected 
to  ship  later  this  month,  is  priced  at  $599. 
larger  screen  gives  photographers  a 
better  view  of  their  photos.  In  addition,  the 
device  offers  three  colors  per  pixel,  and  a 
higher  density  of  212  pixels  per  inch  compared  with  one 
color  per  pixel  and  100  pixels  per  inch  on  an  average  dig¬ 
ital  camera  display,  the  company  says.  Other  features 
include  the  ability  to  zoom  in  and  rotate  images;  play  a 
slide  show;  and  connect  to  a  television,  monitor  or  pro¬ 
jector  with  National  Television  Standard  Code  or  phase- 
alternating  line  inputs. 

The  P-1000  supports  several  memory  cards  —  native 
support  for  Compact  Flash  (Type  1  and  II)  and  IBM 
Microdrive,  and  support  for  Memory  Stick,  Smart  Media, 
Secure  Digital  and  MultiMedia  Cards  through  an  optional 
third-party  adapter.  The  device  also  can  print  directly  to 
an  Epson  printer  (including  the  Stylus  Photo  820,  900, 
1280  and  2200  models),  the  company  says.  When  con¬ 
nected  to  a  PC  or  Macintosh,  it  acts  as  an  external 
portable  hard  drive  (via  USB  port). 

Shaw  can  be  reached  at  kshaw@nww.com. 


How  Primitive 


is  Your  Backup 


Solution? 


Step  out  of  the  STONE  AGE  with  PowerQuest*  V2i  Protector 


Stop  relying  on  old  technology  to  protect  your 
servers  and  desktops.  It  leaves  your  company’s  mission 
critical  data  unprotected  and  exposed  to  permanent  loss. 
Today’s  tape  backup  and  recovery  solutions  are  often: 
Slow  -  taking  all  night  to  back  up  your  servers  and  more 
than  four  hours  or  longer  to  restore  an  individual  system. 
Expensive  -  requiring  expensive  software  plug-ins, 
dedicated  hardware  and  highly  skilled  technicians. 
Unreliable  -  ignoring  critical  data  leaving  you  with 
incomplete  backups  and  unsuccessful  recoveries. 


Why  try  to  reinvent  the  wheel  using  outdated  technology 
like  tape  backup? 


PowerQuest*  V2i  Protector  " 

-  Backup  Anything,  Anytime,  Anywhere. 

-  Restore  a  system’s  Active  State  in  Minutesl 


To  learn  more  and  view  the  on-demand  “Disaster  Recovery  Secrets”  webcast,  visit: 

www.powerquest.com/stoneage2 

©  2003.  All  rights  reserved  This  product  and  its  use  are  subject  to  a  license  agreement  and  are  also  subject  to  copyright,  trademark  and/or  patent  laws 
Please  refer  to  www.powerquest.com/legal  for  details.  PowerQuest,  V2i  Protector  and  the  PowerQuest  Swirl  are  trademarks  or  registered  trademarks  in 
the  United  States  and  elsewhere.  All  other  brand  and  product  names  are  registered  trademarks  or  trademarks  of  their  respective  owners 
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EDITORIAL 

John  Dix 

Start-up  looks 
to  leverage 
corporate  IM 

Anticipating  that  instant  messaging  will  play  an 

increasingly  important  role  in  collaboration,  start-up 
Convoq  is  gearing  up  to  introduce  an  application 
next  month  that  adds  video-  and  Web  conferencing  to  IM. 

Led  by  Charles  Digate,  one-time  CEO  of  e-mail  company 
Beyond  Inc.,  Convoq  ASAP  is  what  the  company  calls  an 
instant  meeting  system.You  can  find  people  to  meet  with, 
meet  right  away  or  “as  soon  as  present”  (hence  the  ASAP 
moniker),  and  choose  your  method  of  communications: 
chat,  audio-  or  videoconferencing,  or  application  sharing. 

Participants  are  identified  from  your  IM  list  or  invited 
via  e-mail,  a  key  strength  being  that  contacts  don’t  need 
to  be  running  the  ASAP  client. They  can  participate  from 
Windows,  Macintosh  or  Linux  systems  without  download¬ 
ing  anything. They  don’t  even  need  to  be  running  the 
same  flavor  of  IM. 

How?  Convoq  ASAP  is  a  hosted  application  —  all  con¬ 
nections  go  through  Convoq ’s  data  center  —  and  Flash  is 
used  to  build  the  user  interface  in  real  time  on  machines 
that  don’t  have  the  client. 

Flash  has  built-in  audio  and  video  coder/decoder  so 
any  PC  that  has  speakers  and  a  microphone  can  partici¬ 
pate  in  full  audio  and,  if  they  don’t  have  a  camera,  at  least 
one-way  videoconferences. 

Digate  says  the  initial  sales  focus  is  on  support,  profes¬ 
sional  services  and  sales  operations  —  the  types  of  users 
that  need  to  be  able  to  quickly  assemble  people  to 
answer  questions  or  resolve  problems. 

To  facilitate  the  meeting  process  ASAP  supports  some¬ 
thing  called  Lifelines.  A  supplier,  for  example,  could 
make  Lifelines  available  to  customers,  which  when 
clicked,  establish  connections  to  available  support  per¬ 
sonnel  or  their  designated  stand-ins.  If  no  one  is  avail¬ 
able  at  the  moment,  the  “as  soon  as  present”  option 
could  be  invoked. 

Digate  says  the  product  is  in  the  final  phase  of  develop¬ 
ment  and  will  be  officially  launched  next  month,  but  IM 
users  can  demo  it  by  downloading  a  free  version  of  the 
client  from  www.convoq.com. 

Although  he  won’t  reveal  pricing,  Digate  says  ASAP  will 
be  subscription-based. There  will  be  one  price  for  users 
who  meet  with  up  to  two  people  (no  time  limit), and  a 
higher  fee  for  up  to  six  people  per  meeting. 

While  Convoq  eventually  will  face  stiff  competition  as 
Microsoft  and  other  vendors  integrate  their  messaging 
and  meeting  tools,  Convoq’s  advantages  are  that  it  will 
work  with  all  types  of  IM  and  the  company  apparently 
will  beat  the  others  to  market  with  this  interesting  new 
approach. 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 


opinions 


Need  broader  tips 

I  found  the  tips  offered  in  the  story  “Adding  ‘oomph’ 
to  your  network”  (www.nwfusion.com,  DocFinder: 
9223)  to  be  of  very  limited  applicability 

Going  jumbo  is  only  a  good  idea  for  server-to- 
server  file  transfers  or  back-up  jobs.  Used  generally, 
it  can  cause  Maximum  Transmission  Unit  size  prob¬ 
lems  that  are  very  difficult  to  diagnose. 

The  suggestion  to  check  your  wiring  is  good  gen¬ 
eral  advice,  but  how  about  a  real  tip  on  where  to 
check,  and  how?  Turning  on  full  duplex  everywhere 
isn’t  good  advice,  but  detecting  half-full  duplex  mis¬ 
matches  is.  The  problem  is  the  Multi  Router  Traffic 
Grapher  and  most  other  tools  won’t  help  you  do  this. 

Extending  Layer  3  switching  to  the  wiring  closet 
will  make  things  more  complex,  and  for  most  situa¬ 
tions,  will  do  little  to  improve  performance. 

The  advice  to  add  route  control  needs  to  be  pre¬ 
faced  by  the  conditions  where  this  will  have  impact. 
For  internal  applications  on  a  private  network,  route 
control  will  have  little  or  no  impact. 

The  suggestion  to  employ  packet  shaping  —  or  pri¬ 
oritization  —  is  a  good  recommendation.  Packeteer 
is  merely  one  example  of  a  vendor  that  offers  this 
technology  A  more  widely  applicable  tip  would  be 
much  better.  Compression  is  also  a  good  recom¬ 
mendation,  but  again,  Peribit  is  merely  one  example. 

The  advice  about  speeding  up  Secure  Sockets 
Layer  transactions  is  another  single-source  tool  rec¬ 
ommendation,  rather  than  a  more  widely  applicable 
tip. The  principles  involved  appear  valid  and  useful, 
but  uniquely  implemented  in  Redline’s  product. 

Ron  Watt 

Senior  solutions  consultant 
Empowered  Networks 
Ottawa 


E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Protecting  U.S.  jobs 

Regarding  your  editorial  on  offshore  outsourcing 
(“Catching  up  with  the  Quovix  community” 
DocFinder:  9224):  In  response  to  a  story  on  out¬ 
sourcing  to  India  that  ran  in  June  in  CIO  magazine, 
a  reader  who  is  a  consultant  from  Chennai,  India, 
touts  giving  work  to  “an  Indian  with  an  Ivy  League 
education  working  in  India  at  $10,000  per  year”  as 
more  advantageous  than  employing  “an  American 
night  schooler  who  demands  $70,000  per  year? 

This  got  me  thinking.  1  propose  outsourcing  all 
executive  positions  (from  the  board  of  directors 
down)  to  India.  I  figure  companies  could  pay  each, 
say,  $30,000  per  year.  If  a  dozen  execs  at  a  company 
making  an  average  $10  million  per  year  ($120  mil¬ 
lion  total)  are  replaced  by  12  Indians  ($360, 000), this 
would  produce  a  savings  of  $119,640,000!  I  say 
include  upper  management  in  outsourcing. 

David  Easter 
Fallston,Md. 

Regarding  offshore  outsourcing:  I  have  taken  over 
several  projects  where  the  client  found  it  very  diffi¬ 
cult  to  deal  with  an  offshore  vendor.  One  system  had 
at  least  five  programmers  working  on  it,  each  with 
his  own  method  and  protocol  personality 
Since  then  my  company  has  reviewed  several 
other  situations  in  which  clients  had  the  same  nega¬ 
tive  issues.  Problems  with  vendor  maintenance,  com¬ 
munications  and  the  programmer  just  not  knowing 
or  understanding  the  client  significantly  outweighed 
the  dollar  savings.Two  or  three  years  down  the  road, 
offshore  outsourcing  will  be  viewed  more  realisti¬ 
cally  by  U.S.  industry  and  a  major  shift  back  to 
domestic  programmers  will  resume,  especially  for 
small  to  midsize  application  development. 

Nick  Santino 
Founder  and  president 
Argentto  Systems 
New  York 
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SECURITY  ISSUES 

W.  David  Stephenson 


Corporate  homeland  security  a  win-win 


Many  corporations  have  been  less  than  enthusiastic  about  new 
homeland  security  responsibilities,  which  they  see  as  threaten¬ 
ing  to  disrupt  just-in-time  manufacturing  strategies,  impose  new 
costs  and  introduce  yet  another  set  of  regulations.  There  were  similar 
complaints  when  environmental  regulations  were  imposed  in  the 
1970s  and  1980s.Yet,by  the  early  1990s,  companies  such  as  DuFbnt  and 
3M  had  gained  a  competitive  advantage  by  adopting  waste-reduction 
strategies  that  were  good  for  the  environment  and  the  bottom  line. 

I  believe  a  similar  paradigm  shift,  from  viewing  homeland  security  as 
a  costly  burden  to  seeing  it  as  a  competitive  advantage,  is  possible. 
There  are  three  benefits  to  companies  taking  the  lead  on  homeland 
security  strategies  that  don’t  just  meet  the  letter  of  the  law,  but  do  so  in 
a  synergistic  way: 

•  Increased  collaboration.  Sept.  1 1  dramatically  reminded  us  of  the 
consequences  for  security  of  not  “connecting  the  dots.”  However,  com¬ 
panies  already  were  paying  a  high  price  for  lack  of  coordination,  espe¬ 
cially  in  logistics  and  supply-chain  management,  which  made  it  nearly 
impossible  for  everyone  in  the  supply  chain  to  know  on  a  real-time 
basis  where  a  container  was  and  what  it  held.  Now  65  companies  in  the 
shipping  and  logistics  field  have  formed  the  Smart  and  Secure  Trade 
Lanes  Initiative  (SST)  to  create  an  end-to-end, supply-chain  security  sys- 
tem.The  collaboration  will  integrate  data  flow  that  will  help  homeland 
security  agencies  collaborate  to  reduce  container  risks.  Equally  impor¬ 
tant  from  the  commercial  standpoint,  it  will  allow  sharing  of  data  to 
overcome  the  lack  of  integration  in  the  shipping  and  logistics  industry 
•  Error  reduction.  Dual-use  technologies  can  reduce  both  the  chance 
that  a  terrorist  will  slip  into  the  country  and  that  vital  cargo  will  get  lost 


on  a  railroad  siding  somewhere.The  SST  system  exceeds  the  new  U.S. 
Customs  requirement  that  manifests  for  cargo  from  foreign  ports  be 
reported  a  full  day  before  departure.  It  also  lets  participating  compa¬ 
nies  get  chain-of-custody  audit  trails  of  the  containers’  history  that  can 
be  used  to  improve  supply  chains’ structure  and  efficiency. 

•  Employee  empowerment.  Both  homeland  security  and  smart  com¬ 
panies  need  empowered  individuals  who  can  get  the  information  they 
need  to  act  intelligently  Subsets  of  XML  are  critical  to  global  business 
and  emergency  response,  letting  those  who  need  information  from 
diverse  sources  access  them  on  a  real-time  basis,  seamlessly  EmXML, 
the  emergency  notification  standard  that  is  under  development,  will  let 
first  responders,  security  officials,  public  health  agency  officials  and 
others  immediately  share  critical  information  during  an  emergency 
EbXML.the  business  standard,  will  streamline  business  operations,  set¬ 
ting  global  standards  for  exchanging  business  messages,  establishing 
trading  relationships,  communicating  data  in  common  terms,  and 
defining  and  registering  business  processes.  The  more  extensive  the 
adoption  of  both  schemas,  the  more  valuable  each  will  be. 

Both  economic  globalization  and  the  war  on  terror  require  that  we 
adopt  new  technologies  and  attitudes.  Creative  companies  will  get 
beyond  their  frustrations  with  new  regulations  and  responsibilities  to 
gain  a  competitive  advantage  through  strategies  that  cut  risk  and  pay 
economic  dividends. 

Stephenson  is  a  strategic  communication  consultant  specializing  in 
homeland  security.  He  can  be  reached  at  D.Stephenson@Stephenson 
strategies.com. 


Both  economic 
globalization 
and  the  war  on 
terror  require 
that  we  adopt 
new  technologies 
and  attitudes. 


TELECOM  CATALYST 

Daniel  Briere 

In  scanning  the  coverage  of  the  telecom 
recovery  we  read  about  the  excesses  of  the 
past  and  how  we  “know  better”  now. 
Everyone  is  singing  the  same  tune:“Things  are 
so  different  noW’ . . .  “We’ll  never  return  to  the 
‘old  days’” . . .  It’ll  never  be  the  same.”  And  the 
sad  part  is,  most  people  believe  it. 

The  facts  are  we  all  want  to  go  back  to  the  good  old  days.  We  are  all 
acting  like  we  did  in  the  good  old  days.The  reactions  are  like  the  good 
old  days  —  just  on  a  smaller,  less  obvious  scale. 

Overinvestment  is  still  ripe  —  do  you  really  believe  all  these  wireless 
strategies  are  going  to  pan  out?  The  market  is  still  crazy  —  how  else  do 
you  explain  a  near  100%  run-up  on  a  DSL  stock  based  on  a  vapid 
announcement  that  the  vendor  tested  its  gear  in  Cisco’s  lab,  or  60,000 
postings  about  a  stock  on  Yahoo’s  stock  message  boards  in  one  day? 
Everybody  is  jumping  back  in  the  water,  clothes  off,  with  glee. 

If  you  don’t  buy  into  the  craze,  you  get  slammed  for  not  taking  part: 
investment  bankers  for  not  chasing  the  deals;  stock  brokers  for  not  in¬ 
vesting  in  stocks  that  jumped  30%  in  a  week;  venture  capitalists  for  not 
going  in  on  the  deals  everyone  else  is  chasing;  consultants  for  not  buy¬ 
ing  into  the  “clear  trends.”  If  you  take  part,  most  people  freely  admit  the 
telecom  recovery  is  not  fully  factually  based;  it’s  emotionally  based. 
Says  one  investment  banker  friend  of  mine, “It’s  all  bogus,  but  what  are 
you  going  to  do?  Investors  want  results.”  So  the  first  thing  that  is  wrong 
is  that  the  “system”  has  lost  any  semblance  of  checks  and  balances. 

A  second  problem  is  the  lack  of  attention  to  fundamentals,  which 
once  more  are  being  ignored  by  many  in  the  industry.  Overcapacity 
is  still  an  issue. The  major  “stable”  players  in  the  market  have  sizable 
revenue  at  risk  because  of  VoIP  expansion,  cable  displacement  ser¬ 
vices,  cellular  conversions  and  so  on.  This  is  not  going  to  magically 
correct  itself. 

A  third  problem  is  the  danger  lurking  in  reactionary  strategies  — 
when  things  go  bad,  the  reaction  can  be  knee-jerk  and  severe,  as  we’ve 


Has  anything  really  changed? 


seen  in  the  past  few  years  when  the  industry  was  abruptly  halted 
because  of  lack  of  spending.  The  fragility  of  so  many  players,  and  the 
impending  effect  of  bankruptcy-driven  pricing,  is  still  hanging  out  there 
untested, and  a  quick  reaction  by  a  series  of  bad  profit  announcements 
could  send  us  back  down  again. 

Cisco  CEO  John  Chambers  has  been  saying  for  a  while  that  trust  and 
confidence  need  to  be  re-instilled  in  the  system,  and  the  last  quarter 
has  seen  a  regaining  of  these  psychological  foundations  in  telecom. 
But  there’s  a  difference  between  a  slow, steady  and  therefore  somewhat 
stable  regrowth,  and  the  rampant,  out-of-control,  rush-for-the-gold  herd 
mentality  that  governed  the  telecom  industry  a  few  years  ago. 

There’s  a  danger  that  the  same  forces  that  took  our  telecom  industry 
ball  and  ran  with  it  —  into  the  ground  —  are  rearing  their  heads  again. 

The  insanity  of  the  stock  market  and  its  get-rich-quick  rewards  is  again 
starting  to  seep  into  the  psyche  of  the  way  decisions  are  made,  and 
that’s  the  way  a  lot  of  money  was  made  and  lost  in  the  last  binge.  The 
people  driving  that  get  their  money  off  the  front  end  —  venture  capi¬ 
talists  whose  investment  can  cash  out  early  on, and  investment  bankers 
who  make  money  on  the  deals.  Just  because  there  is  easy  money  does 
not  mean  real  value  is  being  created. 

You’d  like  to  think  that  the  adage, “Those  who  do  not  study  history  are 
bound  to  repeat  it”  would  be  true,  but  the  problem  is  everyone  knows 
what  happened,  and  yet  it’s  still  returning.  There  are  still  fundamental 
issues  to  deal  with.  The  market  pressures  on  the  telcos  are  going  to 
increase,  not  decrease,  as  new  disrupting  technologies  such  as  VoIP 
affect  the  top  line  of  revenue. 

So  get  out  your  favorite  drink  and  toast  to  the  wild  ride, because  it’s 
beginning  again.  Let’s  just  not  be  surprised  if  it  has  many  of  the  same 
endings. 
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Briere  is  CEO  of  TeleChoice,  a  market  strategy  consultancy  for  the 
telecommunications  industry.  He  can  be  reached  at  telecomcat 
alyst@telechoice.  com. 
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CoAA  Gan  rogue  wireless  LANs 

rdbtrUI  I  be  eliminated? 

Two  industry  experts  debate  whether  perimeter  security  alone  can  deter  rogue  wireless  access  points. 


Yes,  by  Marvin  Chartoff 


ogue  access  points  are  among  the  greatest  security  threats  in  corporate 
America.  Network  technology  has  become  so  inexpensive  and  easy  to  set  up 
that  many  office  workers  have  configured  wireless  LANs  themselves.They  typ¬ 
ically  set  up  an  access  point  in  a  conference  room  or  other  common  area  and 
plug  into  an  enterprise  network.  Most  are  not  thinking  about  security  which 
usually  is  turned  off  by  default.  Many  IT  departments  are  not  monitoring  the  network 
perimeter  for  rogue  access  points  if  they  haven’t  been  thinking  about  a  wireless  strategy 

How  do  you  deter  rogue  access  points?  While  the  starting  point  should  be  a  strong  pol¬ 
icy  against  them,  including  penalties  for  noncompliance,  most  companies  don’t  follow 
through  on  compliance.  Having  a  corporate  strategy  and  architecture  established  for  the 
use  of  wireless  technology  also  can  help.  Some  business  departments  might  be  willing  to 
fund  an  early  deployment  of  your  vision  if  you  demonstrate  the  benefits  they  will  achieve. 

However,  the  best  solution  involves  network  perimeter  security  There  is  no  silver  bullet, 
but  there  are  a  few  techniques  that  can  reduce  the  risk  that  rogue  access  points  go  undis¬ 
covered.  Combined  with  a  sufficient  level  of  security  on  destination  servers  and  applica¬ 
tions,  these  techniques  can  close  security  holes  opened  by  rogue  access  points. 

A  combination  of  wireless  and  wireline  intrusion-detection  tools  can  capture  telltale 
signs  of  a  rogue  access  point.  If  you  have  standardized  on  your  desktop  and  laptop  net¬ 
work  interface  card  (NIC)  vendors, the  media  access  control  (MAC)  address  of  the  access 
point  typically  will  have  a  different  vendor  code  than  that  of  your  official  devices.  The 
source  MAC  address  of  a  packet  from  an  end  user  also  will  be  different  than  the  address 
of  the  access  point  connected  to  the  network.  If  you  do  an  SNMP  discovery  or  similar 
interrogation  process, you  might  uncover  an  unidentified  device  that  would  merit  further 
investigation.  If  your  facility  is  small  enough, you  could  use  a  radio  frequency  monitoring 
device  from  a  vendor  such  as  AirMagnet,  and  walk  around  with  it  to  see  if  you  pick  up  a 
signal  from  an  access  point.You  also  could  use  a  laptop  with  a  WLAN  NIC  and  a  standard 
WLAN  client  management  utility.  More  sophisticated  WLAN  troubleshooting  tools, such  as 
AirDefense’s  RogueWatch,  can  provide  ongoing  monitoring  and  collect  additional  infor¬ 
mation  for  pinpointing  a  rogue  access  point’s  location. 

Uncovering  a  rogue  access  point  should  be  sufficient  deterrence  to  employ¬ 
ees  who  thought  they  could  hide  behind  the  anonymity  of  the  network  port 
in  the  wall.  If  you  have  a  corporate-sanctioned  wireless  network,  no  doubt 
they  would  gladly  use  it. 

IT  departments  had  gained  control  of  their  environment  since  the  last 
rogue  device,  the  PC,  was  introduced  over  20  years  ago.  Rogue  WLANs  are 
threatening  to  destabilize  the  environment  again.  With  a  sound  plan  for  utilizing 
wireless  technology  and  improvements  in  network  management  processes  and 
tools  for  perimeter  security,  risks  can  be  greatly  reduced  and  employ-  More  online! 

ees  will  be  back  under  IT’s  control.  Log  on  to  Network  World  Fusion  to  voice  your  opinion 


No,  by  Brian  Boyland 


he  ubiquitous  and  transient  nature  of  wireless  technology  presents  a  con¬ 
stantly  moving  target.  Wireless  access  points  let  authorized  and  unauthorized 
users  gain  the  same  level  of  access  through  the  same  access  point.  Standard 
network  operations  center  tools  are  reactive  in  detecting  unauthorized 
devices.  Ping-sweeps  and  auto-discoveries  can  identify  devices  after  they  have 
accessed  the  network  by  comparing  their  results  against  the  network  map  stored  in  a 
network  management  system  database.  Analyzing  a  new  device’s  management  informa¬ 
tion  base  data  to  determine  that  it  is  a  rogue  access  point  is  subject  to  misinterpretation. 
In  addition,  such  network  scans  require  time  and  bandwidth  to  complete,  presenting 
excessive  NMS  traffic  load  and  leaving  a  window  of  access  open  between  scans. 
Increasing  the  interval  of  scanning  only  magnifies  the  problem.  Random  or  spot  scans  of 
the  network  are  ineffective,  as  they  rely  on  the  “luck  of  the  draw!’ 

Multiple-level  security  is  the  best  defense  against  unauthorized  access.  Wireless  LAN 
(WLAN)  technology  complicates  the  issue  because  of  open  access  to  the  airwaves  and 
inability  to  control  the  radiation  of  radio  frequency  signal.  Therefore,  in  a  wireless  sce¬ 
nario,  only  authenticated  users  should  be  allowed  to  use  network-attached  resources. 

It  is  possible  to  perform  radio  frequency  scanning  on  the  premises.  But  success  is  sub¬ 
ject  to  hming  —  you  need  to  catch  the  device  in  operation,  which  requires  continuous  fre¬ 
quency  monitoring  that  can  be  labor-  and  capital-intensive.  Furthermore,  radio  frequency 
scanners  are  limited  in  range  and  accuracy  Stray  radio  frequency  from  a  variety  of  legiti¬ 
mate  sources,  such  as  other  WLANs  and  cordless  phones,  can  generate  false  signals  to  a 
common  scanner.  It  also  is  important  to  note  that  radio  frequency  scanning  can  only 
detect  the  presence  of  a  device,  but  does  not  correlate  it  with  access  to  your  network. 
Multi-tenant  buildings  and  densely  packed  zones  can  present  a  challenge.There  are  prod¬ 
ucts  available  that  discriminate  true  802.1 1  from  other  radio  frequency,  but  they  are  still 
subject  to  timing,  neighboring  WLANs  and  inaccuracies  in  NMS  databases. 

Regardless  of  the  technique  for  identifying  the  presence  of  an  unauthorized  wireless 
access  point,  the  weak  point  is  timing. The  results  of  the  scan  must  be  compared  against 
a  reference  base  of  legitimate  access  points  to  identify  the  intruder.  Reliance  on  the  accu¬ 
racy  and  currency  of  the  database  implies  tight  control  on  the  management 
process.  User  authentication  for  all  network  access  is  still  essential  to  provid¬ 
ing  a  truly  secured  network. 

The  only  effective  means  of  securing  corporate  assets  remains  multiple  lev¬ 
els  of  security  including  securing  the  destination.  An  employee  with  a  wire¬ 
less  router  still  can  expose  a  company  to  attack  without  endpoint  security 
Although  it  is  a  good  idea  to  continue  to  develop  and  deploy  perimeter  secur¬ 
ity,  neither  the  technologies  nor  the  techniques  are  mature.  Proper  domain  con¬ 
trol  and  security  of  the  endpoint  are  still  essential.  It  is  a  mistake  to 
rely  on  any  one  scheme. 
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NetScreen,  Nokia  top  the  growing  field  of  products 
that  target  simplified  secure  remote  access 
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ecurity  with  ease  of  use  is  the  promise  of  Secure  Sockets  Layer  VPNs.  In  our  test  of 
seven  SSL  VPN  gateways  —  from  AEP  F5  Networks,  NetScreen  Technologies,  Netilla, 
Nokia,  Symantec  and  Whale  Communications  —  we  assessed  how  well  each  is 
equipped  to  provide  secure  remote  access  to  corporate  applications. 
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SSL  VPN  GATEWAYS 


The  good  news  is  that  several  products 
are  well-suited  for  enterprise  use.  Our 
World  Class  award  goes  to  NetScreen  for 
its  outstanding  application  support,  good 
access  control  mechanisms  and  overall 
interoperability  Nokia,  Symantec  and  F5 
all  make  our  short  list  because  of  the 
broad  spectrum  of  application  support 
they  offer. 

Our  basic  assumption  for  testing  SSL 
VPNs  is  that  they  must  fit  into  existing 
networks  and  application 
environments  (see  How 
we  did  it,  www.nwfusion. 
com,  DocFinder:  9225). 

To  that  end,  we  tested 
interoperability  of  each 
device  against  20  enter¬ 
prise  applications. 

We  tested  these  products 
from  the  point  of  view  of 
network  and  security  pro¬ 
fessionals;  focusing  heavily 
on  access  control  and  security  features. 

In  terms  of  features,  we  evaluated  audit¬ 
ing,  accounting,  reporting  and  logging 
tools.  We  also  tested  client  integrity  scan¬ 
ners,  which  help  ensure  that  virus  scan¬ 
ners  and  firewall  features  are  up  to  date. 

Applications  are  everything 

The  biggest  difference  between  SSL 
VPNs  and  traditional  IP  Security  remote 
access  VPNs  is  that  the  IPSec  standard 
requires  installation  of  client  code  on 
the  end  user’s  system,  while  SSL  VPNs 
focus  on  making  applications  available 
through  any  Web  browser. 

In  some  cases,  SSL  VPNs  must  provide 
secure  access  to  the  applications  that 
are  served  up  as  static  Web  pages  on 
HTTP  servers,  but  taking  Web  traffic  in 
one  port  and  sending  it  out  another  is 
not  where  these  products  bring  their 
greatest  value.  SSL  VPNs  are  deployed 
for  bigger,  more  compelling  reasons 
such  as  complex  application  translation 
of  Web-to-e-mail  servers,  corporate 
directory  and  calendar  systems,  e-com- 
merce  applications,  file  sharing,  and 
remote  system  management. 

When  it  comes  to  proxying  and  appli¬ 
cation  translation  (see  “SSL  terms  and 
conditions,”  page  44),  we  found  big  dif¬ 
ferences  between  products  (see  graph¬ 
ic,  right).  AEP  and  Whale  were  the  weak¬ 
est  in  this  area,  supporting  the  smallest 


number  of  application  translators  and 
proxies.  Nokia  was  the  only  one  of  the 
stronger  products  to  support  applica¬ 
tion  translation  for  FTP  Network  File 
System  (NFS)  and  Microsoft  file  servers. 
With  F5,  Netscreen  and  Symantec  each 
offering  a  subset  of  the  three.  Netilla  was 
the  only  offering  to  include  translation 
for  both  Windows  Terminal  Services  and 
a  extensive  array  of  terminal  emulators, 
including  telnet, Secure  Shell  (SSH)  and 


IBM  3270. We  tested  all  but  the  IBM  emu¬ 
lations  and  had  good  results.  F5  and 
NetScreen  also  included  terminal  emu¬ 
lator  support  for  telnet  and  SSH,  but  they 
struck  out  because  their  emulators  did¬ 
n’t  work  more  than  25%  of  the  time. 

Because  the  products  we  tested  offer 
such  a  variety  of  options,  for  you  to  pick 
the  right  gateway  for  your  network  you’ll 
need  a  firm  understanding  of  which 
applications  you  need  translation  for  and 
be  able  to  rank  them  in  terms  of  impor¬ 
tance.  For  example,  Symantec  and  F5 
gateways  include  e-mail  application 
translation  —  so  users  can  read  and  send 
mail  via  an  application  running  on  the 
gateway  Unfortunately  Symantec’s  built-in 
Web  mail  feature  doesn’t  work  if  you  have 
a  lot  of  mail  in  your  mailbox. 

Even  SSL  VPN  gateways  that  don’t  sup¬ 
port  a  built-in  Web  mail  tool  would  let  you 
connect  to  a  corporate  messaging  appli¬ 
cation,  such  as  Microsoft  Outlook  Web 
Access,  IBM’s  iNotes  or  the  open  source 
SquirrelMail.  As  our  interoperability  test¬ 
ing  indicates,  these  rich  applications  have 
their  own  problems.  So  you  might  be  left 
with  the  difficult  choice  of  a  rich  Web- 
based  messaging  application  that  not 
everyone  can  use,  or  a  less  powerful  and 
feature-poor  Web  mail  system  that  is 
friendlier  to  unusual  or  older  browsers. 

Some  applications  cannot  be  trans¬ 
lated,  and  SSL  VPN  gateways  have  two 


mechanisms  for  getting  direct  access 
into  the  network:  port  forwarding  and 
network  extension.  Port  forwarding  lets 
you  protect  well-behaved  applications 
on  known  servers,  and  network  exten¬ 
sion  gives  broader  access  via  tunneling 
to  an  entire  network. 

The  further  down  this  direct  access 
path  you  go,  though,  the  more  compli¬ 
cated  and  risky  your  SSL  VPN  deploy¬ 
ment  will  be.  To  accomplish  port  for¬ 
warding  or  network  exten¬ 
sion,  the  SSL  VPN  gateway 
must  push  out  software  to 
the  end  user’s  workstation. 
This  raises  browser  com¬ 
patibility  issues,  operating 
system  problems  and 
security  concerns.  For 
example,  a  user  sitting  in 
front  of  Microsoft’s 
Internet  Explorer  with 
browser  security  set  to 
“high”  would  not  be  able  to  use  any  of 
these  features.  Unfortunately  permissions 
to  lower  browser  security  are  not  always 
available. 

A  second  problem  with  port  forward¬ 
ing  and  network  extension  is  security 
One  promoted  strength  of  SSL  VPNs  is 
the  ability  to  look  into  the  application 
layer  and  give  detailed  access  control  to 
the  network  manager.  When  port  for¬ 
warding  and  network  extension  come 
into  play,  SSL  VPNs  no  longer  offer  such 
access  control  to  applications  because 


they  are  no  longer  aware  of  the  underly¬ 
ing  application.  Rules  down  to  the  URL 
level,  one  of  the  characteristics  of  SSL 
VPN  technology  aren’t  available  when 
using  network  extension  and  port  for¬ 
warding. 

All  the  SSL  gateways  we  looked  at 
except  for  AEP  and  Netilla  provide  some 
port-forwarding  functionality  (see  graph¬ 
ic,  page  44).  However,  port  forwarding  is 
not  sufficient  for  all  applications.  A  good 
example  is  FTP  which  uses  IP  addresses 
and  port  numbers  within  the  protocol  to 
identify  a  server  and  client  socket  for 
data  transfer.  Port  forwarding  won’t  work 
with  all  FTP  clients,  unless  the  SSL  VPN 
gateway  knows  that  it  is  forwarding  FTP 
traffic  and  rewrites  IP  addresses  within 
the  traffic. 

Application  layer  gateways(ALG)  could 
add  this  kind  of  knowledge  to  port  for¬ 
warding,  and  they  are  common  in  real 
firewalls.  SSL  VPN  gateway  vendors  made 
an  effort  to  add  ALGs  to  their  port  for¬ 
warding  to  two  areas:  in  email,  specifi¬ 
cally  MAPI  (for  Exchange  clients)  and 
Notes  smarts,  which  ships  with  the 
NetScreen,  Nokia  and  Symantec  gate 
ways;  and  in  remote  desktop  clients  using 
Citrix  terminal  services,  which  ships  with 
NetScreen  and  Nokia  gateways. 

Instead  of  making  port  forwarding 
smarter  with  ALGs,  many  SSL  VPN  gate 
way  products  support  network  exten¬ 
sion:  connection  of  the  end  user’s 
remote  system  to  the  network  behind 


Lining  up  proxy  and  application  translation  support 

Support  for  Web  applications,  application  translation  of  file  servers  and 
application  translation  of  mail,  terminal  services  and  remote  hosting 
access  (Telnet  and  SSH)  varies  across  applications.  This  chart  only 
indicates  claimed  support,  not  the  results  of  our  interoperability  testing. 
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The  NetScreen-SA  5000  edged  out  competition  from  Nokia's  Secure  Access 
System  to  earn  our  World  Class  award  because  of  its  outstanding  applica¬ 
tion  support,  good  access  control  mechanisms  and  overall  interoperability. 
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Tracking  port  forwarding  and 
network  extension 

We  found  problems  in  the  port  forwarding  and 
network  extension  implementations  in  most  of  the 
products  we  tested.  NetScreen  worked  the  best  in 
our  tests,  but  spotty  platform  compatibility  across 
all  products  makes  this  less  than  a  guaranteed 
universal  solution. 
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the  SSL  VPN  gateway  In  the  group  we 
looked  at, all  but  Nokia  and  Whale  include 
network  extension  technology. 

E-mail  is  arguably  the  most  popular  SSL 
gateway  feature  because  our  testing  found 
yet  another  way  that  some  products  sup¬ 
port  e-mail.  AER  NetScreen,  Nokia  and 
Symantec  all  include  proxies  for  the  stan¬ 
dard  mail  protocols  Simple  Mail  Transfer 
Protocol  (SMTP),  Bast  Office  Protocol  and 
Internet  Message  Access  Protocol.  The 
idea  is  that  you'll  point  your  POP  or  IMAP 
client  mail  application  at  the  SSL  VPN 
gateway, encrypting  from  client  to  the  gate¬ 
way  using  standard  POP-over-SSL,  IMAP- 
over-SSL  and  SMTP-over-SSL,  thus  adding 
security  to  the  mail  transactions.This  tech¬ 
nique  also  can  add  SSL  to  older  mail 
servers  or  give  access  to  servers  that  are 
on  private  address  space.  The  benefit  of 
using  this  technique  is  compatibility 
across  all  modern  platforms  and  modern 
e-mail  clients  without  requiring  special 
operating  system  access  the  way  port  for¬ 
warding  and  network  extension  do. 

Interoperability  problems 

Web  applications  are  frightening  things  to 
security  vendors.The  extreme  generosity  of 
browsers  in  accepting  and  displaying 
incomplete  Web  pages,  incorrect  JavaScript 
and  illegible  Java  has  led  to  a  generation  of 
applications  that  make  little  sense  from  a 
software  development  point  of  view  —  but 
seem  to  work.  Building  an  SSL  VPN  gateway 
to  handle  these  applications  is  an  unenvi¬ 
able  task.  We  tested  20  applications  with 
seven  browser/platform  combinations  and 
found  wide  variation  in  what  works  (see 


graphic,  page  45,  top). 

One  goal  for  this  review  was 
to  test  the  vendors’  claims  that 
these  products  are  easier  to  set 
up  and  use  than  IPSec  VPNs. 

Along  the  way,  we  saw  a  lot  of 
backpedaling:  These  products 
are  easier  for  the  end  user  to 
use,  but  sometimes  harder  for 
the  network  manager  to  main¬ 
tain.  In  some  cases,  we  know 
that  updating  client  software, 
clicking  hidden  or  obscure  fea¬ 
ture  boxes,  and  a  hefty  dose  of 
quality  technical  support 
could  have  solved  the  prob¬ 
lems  we  saw.  But  we  wanted  to 
see  how  well  the  average  net¬ 
work  or  security  manager  — 
not  a  Web  application  pro¬ 
grammer  —  would  do.  We 
ruled  out  changes  to  client  sys¬ 
tems  as  unacceptable  and  not 
in  the  spirit  of  SSL  VPNs’  goal  of 
security  with  ease  of  use. 

We  started  with  five  basic  Web  applica¬ 
tions,  some  of  which  included  basic 
JavaScript.The  only  vendor  to  support  five 
applications  on  seven  platforms  was 
Nokia,  although  F5  and  NetScreen  only 
missed  one  each,  while  Whale  and 
Symantec  missed  three  or  less.  AEP  got 
bad  marks  on  two  of  the  applications,  one 
with  JavaScript  and  the  other  going  to  an 
SSL-protected  Web  server  in  the  back  — 
AEP  doesn’t  support  back-end  servers 
with  SSL,  although  everyone  else  does. 
Netilla  also  lost  points  for  losing  graphics. 
Although  every  page  eventually  loaded 


correctly  if  we  pressed  “Reload”  enough, 
we  gave  Netilla  only  half-credit  on  appli¬ 
cations  that  missed  a  lot  of  graphics  the 
first  time  through. 

Next  up  in  our  testing  were  the  two  big 
mail  applications,  Outlook  Web  Access 
2003  and  iNotes,  versions  6.0  and  6.5. 
Here,  Nokia  came  closest  to  getting  it 
right,  with  AEP  and  Symantec  next  in  line 
(although  Symantec  did  manage  to  crash 
our  Netscape  browser  when  feeding  it 
iNotes).  The  newness  of  Outlook  2003 
threw  a  bit  of  a  curve  at  our  SSL  gateways. 
However,  we  argue  that  a  big  question  for 


SSL  VPNs  is  whether  these 
products  act  like  appli¬ 
ances,  independent  of  the 
software  behind  them,  or 
will  they  put  you  on  a 
treadmill  keeping  things 
up  to  date? 

It’s  pretty  clear  that  ven¬ 
dors  don’t  expect  these 
gateways  to  work  without 
some  tuning.  We  restricted 
ourselves  to  out-of-the-box 
configuration,  but  most  of 
the  systems  had  a  number 
of  obscure  knobs  and 
adjustments  that  were 
added  to  help  increase 
compatibility.  Netilla  is  a 
good  example.  When  defin¬ 
ing  an  application,  for 
example,  you  can  select 
either  “Fast  HTML 
Translation”  or  “Full  HTML 
Translation.”  The  only  docu¬ 
mentation  for  how  to 
choose  one  or  the  other  is  the  ambigious 
note:“Fast  is  appropriate  for  most  pages.”  As 
another  example,  Whale  devotes  75  pages 
of  documentation  to  fine-tuning  the  han¬ 
dling  of  applications . 

Our  third  series  of  tests  used  three  Web- 
based  applications  that  included  Java  and 
different  types  of  Flash.The  results  were  dis¬ 
mal.  F5,  NetScreen  and  Symantec  managed 
to  each  get  one  of  the  applications  working 
some  of  the  time.  AER  Netilla,  Nokia  and 
Whale  scored  zero  in  this  phase.The  lesson 
is  simple:  Advanced  applications  with  tools 
such  as  Java  and  Flash  just  aren’t  going  to 
work  easily  through  SSL  VPN  gateways,  not 
without  using  techniques  such  as  port  for¬ 
warding  or  network  extension. 

Our  fourth  set  of  tests  looked  at  how  these 
devices  handled  Microsoft,  FTP  and  NFS 
file  servers  through  application  translation. 
Scoring  this  was  tougher  because  not  every 
device  claimed  to  support  all  protocols. 
But  we  found  products  too  smart  for  their 
own  good.  F5’s  snazzy  tool  for  browsing  file 
servers  wouldn’t  work  properly  on  our 
Safari  browser;  Netilla’s  tool  wouldn’t  work 
properly  on  anything  but  Internet  Explorer 
browser  on  Windows;  and  Whale  couldn’t 
handle  older  versions  of  Internet  Explorer 
or  Netscape. 

We  also  managed  to  catch  up  both  Nokia 
and  Symantec  with  FTP  server  compatibil¬ 
ity  problems.  When  tested  against  a  stan¬ 
dard  Unix  FTP  server,  both  worked  perfectly 
But  when  we  aimed  them  at  our  OpenVMS 
server,  neither  could  hack  it. 

Our  last  series  of  tests  looked  at  the  port 
forwarding  and  network-extension  capabil¬ 
ities.  We  maintained  a  strict  rule  about 
technical  support:  None  was  allowed. 

Macintosh  users  be  warned:  Even  the 
products  that  claim  to  work  with  Mac¬ 
intosh  systems  (NetScreen  and  Nokia  say 
they  support  Mac  OS  X  for  port  forward¬ 
ing)  don’t  fully  hit  the  mark.  We  got 
NetScreen  to  work  with  one  of  our  three 
Macintosh  browsers,  Safari,  but  we  never 
could  get  Nokia  to  start  properly. 

For  Windows  users,  port  forwarding  — 


SSL  terms  and  conditions 


The  Secure  Scokets  Layer  VPN  market  brings  together 
many  technologies  to  accomplish  the  goal  of  secure 
remote  access.  Understanding  the  strengths  and  limita¬ 
tions  of  SSL  VPNs  means  knowing  the  meaning  of  four  criti¬ 
cal  terms:  proxying,  application  translation,  port  forwarding 
and  network  extension. 

SSL  VPN  devices  all  start  with  at  least  one  function:  proxy¬ 
ing  Web  pages.  For  the  SSL  VPN  system  that  means  connect¬ 
ing  to  a  Web  server,  downloading  a  Web  page  and  shipping  it 
back  over  an  SSL  connection  to  the  end  user's  browser.  The 
devil  is  in  the  details,  but  it's  pretty  easy  to  understand. 

Things  get  complicated  when  you  start  talking  about  any¬ 
thing  other  than  a  Web  page.  The  next  step  up  in  complexity 
involves  application  translation.  A  good  example  of  this  is  how 
SSL  VPN  devices  treat  file  servers.  The  SSL  VPN  device  will 
talk  the  native  file  server  protocol,  such  as  Microsoft's  CIFS  or 
FTP.  But  the  application  protocol  is  translated  by  the  SSL  VPN 
device  from  FTP  or  CIFS  on  the  inside,  to  HTTP  and  HTML  on 
the  outside  so  that  the  end  user  sees  the  file  server  as  if  it 
were  a  Web  page,  in  effect  "Webifying"  the  application. 

Application  translation  works  for  some  things,  but  not  for  oth¬ 
ers.  Some  applications,  such  as  Microsoft  Outlook  or  instant¬ 
messaging  tools,  have  a  particular  look  and  feel  that  is  lost  dur¬ 
ing  the  translation  to  a  Web-based  interface.  This  brings  us  to 
port  forwarding,  a  technique  that  works  for  well-defined  appli¬ 
cations.  Port  forwarding  requires  a  very  small  application  that 
runs  on  the  end  user's  system,  often  a  Java  or  ActiveX  tool.  The 


port  forwarder  listens  for  connections  on  a  port  that  are 
defined  for  each  application.  When  packets  come  in  on  that 
port,  they  are  tunneled  inside  of  an  SSL  connection  to  the  SSL 
VPN  device,  which  unpacks  them  and  forwards  them  to  the 
real  application  server.  To  use  the  port  forwarder,  the  end  user 
simply  points  the  application  he  wants  to  run  at  his  own  system 
rather  than  the  real  application  server. 

Port  forwarding  is  a  very  effective  technique,  but  it  also  has 
some  severe  limitations.  For  port  forwarding  to  work,  the 
applications  need  to  be  well-behaved  and  predictable  in  their 
network  connectivity  patterns  and  needs.  Although  there  are 
port-forwarding  tools  written  in  Java  that  work  across  plat¬ 
forms,  our  experience  was  that  port  forwarders  tend  to  be 
platform-specific. 

The  fourth  technology  some  vendors  are  including  in  their 
products  is  network  extension.  SSL  VPN  network  extension 
connects  the  end  user’s  system  to  the  corporate  network, 
with  access  controls  only  based  on  network-layer  informa¬ 
tion,  such  as  destination  IP  address  and  port  number. 

Network  extension  also  moves  completely  away  from  oper¬ 
ating  system  independence  and  requires  administrative 
access  to  the  local  system.  SSL  VPN  network  extension  runs 
on  top  of  the  SSL  protocol,  trading  off  the  higher  security  of 
IP  Security  for  simplicity  of  management  and  greater  robust¬ 
ness  in  the  face  of  different  network  topologies,  such  as  fire¬ 
walls  and  network  address  translation. 

—  Joel  Snyder 
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where  supported  —  works  pretty  well.  We 
had  no  problems  getting  F5,  NetScreen, 
Nokia  and  Symantec  to  forward  single-port 
and  multi-port  applications.  Whale  hic- 
cuped,  refusing  to  run  in  the  Netscape 
browser  and  claiming  that  a  user  needs  to 
be  a“Fbwer  User”  to  start  the  port  forwarder. 
That  would  be  reasonable,  except  that  we 
were  logged  in  as  Administrator. 

We  hit  glitches  on  the  network  extension 
front,  too.  While  NetScreen  and  Netilla  ran 
flawlessly  AEP  wouldn’t  support  the  User 
Datagram  Protocol  (UDP)-based  applica¬ 
tion  we  tried.  F5  worked  sometimes  but 
other  times  we  got  a  blue-screen  on 
Windows  2000.  Symantec’s  VPN  also  had 
problems,  largely  because  there’s  no  docu¬ 
mentation  and  no  client. 

Based  on  our  interoperability  testing,  we 
conclude  that  these  products  fall  short  of 
the  promise  of  an  easy-to-use  universal 
gateway  to  enterprise  applications.  Simple 
Web  pages  and  basic  JavaScript  seem  to 
work  pretty  well  in  the  better  products,  but 
we  were  disappointed  that  Java,  Flash,  file 
services,  port  forwarding  and  network- 
extension  support  were  haphazard, difficult 


to  work  with  and  not  interoperable. 

Access  control  counts 

As  security  appliances,  these  products 
need  to  provide  fine-grained  control  of 
security  of  applications. 

All  products  included  the  ability  to 
enable  and  disable  access  to  applications 
using  groups.  At  the  simplest  end  of  the 
spectrum  are  AEP  F5  and  Netilla.  Netilla 
lets  the  network  manager  define  a  Web 
application  as  a  series  of  URLs.  Once  the 
application  is  defined,  users  and  groups  are 
given  or  denied  access  to  it.  AEP  has  a  sim¬ 
ilar  level  of  control.  F5  comes  at  the  access 
control  from  the  group  level,  but  because 
of  the  way  the  interface  is  designed, you  are 
actively  discouraged  from  having  more 
than  a  small  number  of  groups,  and  users 
can  be  in  only  one  group.  In  some  environ¬ 
ments,  just  saying  “yes”  or  “no”  at  the  appli¬ 
cation  level  is  fine,  but  you  can  run  out  of 
options  quickly 

With  Symantec,  rather  than  apply  access 
controls  to  applications,  you  can  apply 
access  controls  to  groups  and  users.  Thus, 
you  say  what  a  group  has  access  to  and  eas- 


Hitting  on  interoperability 


This  chart  shows  how  each  product  fared  against  our  application 
interoperability  tests  across  all  seven  platform/browser  combinations. 
100%  means  all  applications  worked  on  all  platforms.  These  percentages 
take  into  account  lack  of  support  as  stated  by  vendors  and  interop¬ 
erability  failure  in  our  tests.  To  get  the  most  information  out  of  this 
chart,  find  the  application  category  you  care  about  most  and  compare 
products  in  that  column. 
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ily  manage  many  different  groups  and  their 
access  controls.  In  Symantec’s  hierarchical 
model,  it’s  easy  to  say  that  engineers  can 
read  and  write  files  from  the  file  server,  but 
QA  testers  only  can  read  those  same  files. 
That  sounds  easy,  but  only  Symantec  and 
NetScreen  let  you  think  that  way  Symantec’s 


model  is  powerful.  There  are  a  lot  of  com¬ 
plexities  to  what  you  can  do,  but  the  prod¬ 
uct  doesn’t  make  it  hard  to  get  started  as  it 
has  a  good  GUI  front  end. 

Another  dimension  to  access  control  is 
going  further  than  just  group  or  user.  In  this 
regard,  Nokia  is  the  undisputed  champ, 
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although  NetScreen  and  Whale  also  have 
some  pieces  of  the  big  picture.  For  Nokia, 
the  fine  variations  lie  in  what  resources  you 
have  access  to  and  what  you  can  do  with 
those  resources.  If  you  want  to  use  a  coarse 
control,  you  can  pick  groups  that  are  per¬ 
mitted  or  denied  access  to  a  resource.  But 
amazing  control  is  just  a  click  away  For 
example,  you  can  permit  access  to  a  par¬ 
ticular  file  if  someone  has  authenticated 
using  a  Lightweight  Directory  Access 
Protocol  (LDAP)  server  and  his  virus  scan¬ 
ner  is  up  to  date. 

Handling  authentication 


Whale  throws  a  change-up  when  it 
comes  to  access  control.  While  providing 
simple  access  controls,  the  strength  of  this 
product  lies  in  its  application-level  firewall. 
Whale  lets  you  dissect  individual  URLs  and 
provide  a  high  level  of  error  checking  and 
validation.  For  example,  in  a  URL  that  sub¬ 
mits  data  to  a  form,  Whale  can  check  each 
attribute  that  should  be  in  the  form  for 
length,  blocking  malformed  data.  It  sounds 
tedious,  complicated  and  hard  to  use,  and 
it  is.  Whale  helps  out  the  network  manager 
by  prepackaging  some  of  the  most  popular 
applications  with  pre-built  rules  sets. 
Unfortunately,  for  the  applications  we  test¬ 
ed  (Outlook  2003  and  iNotes),  neither  rule 
set  was  current  or  correct.The  only  way  we 
got  those  applications  to  work  was  by  dis¬ 
abling  the  firewalling  the  product  offers. 
Whale  offered  to  fix  its  rule  sets, saying  that 
it  would  do  this  for  any  customer  and  any 
application. 

A  major  disappointment  in  access  con¬ 
trol  is  how  SSLVPNgateways  control  access 
to  file  servers.  Whale  and  Netilla  had  unac¬ 
ceptably  poor  control  of  access.  With  these 
products,  once  a  user  is  let  in  to  a  share  on 
the  Windows  network,  the  SSL  VPN  gateway 
offered  no  additional  control  over  where 
he  could  go  or  what  he  could  do.  In  con¬ 
trast,  NetScreen,  Nokia,  and  Symantec  let 
you  define  read  and  write  access  at  the 
individual  file  level. F5  also  impressed  us  by 
including  a  virus  scanner,  which  lets  you 
scan  files  for  infections  during  upload. 

Authentication  integration 

Identifying  users  and  putting  them  into 


groups  is  a  critical  part  of  any  SSL  VPN 
deployment.  We  tried  to  consider  large 
businesses  and  the  infrastructure  they 
would  already  have  in  testing  these  prod¬ 
ucts.  We  focused  on  LDAP  and  RADIUS  as 
the  most  likely  candidates  for  authentica¬ 
tion  and  turned  up  good  and  bad  designs 
(see  graphic,  below). 

RADIUS  was  an  easy  choice  because  of 
widespread  availability  of  RADIUS  servers 
and  the  common  use  of  RADIUS  to  authen¬ 
ticate  against  Windows,  Unix  and  token- 
based  systems  such  as  RSA  Security’s 


SecurlD,  but  we  found  that  some  vendors 
haven’t  done  their  homework  on  RADIUS. 
We  linked  all  the  products  to  our  RADIUS 
server  without  problems,  but  only 
NetSscreen  and  Nokia  were  flexible 
enough  to  get  group  information  out  of  the 
RADIUS  server.  In  other  products,  RADIUS 
users  had  to  be  mapped  to  groups  via 
some  other  method.  In  the  worst  case, 
Whale  and  AEP  require  you  to  manually 
map  RADIUS  users  to  the  groups. 

For  many  vendors,  LDAP  support  is  syn¬ 
onymous  with  Active  Directory  support. We 
had  so  many  problems  with  AERSymantec 
and  Whale  that  we  had  to  replace  our  exist¬ 
ing  LDAP  server  for  an  Active  Directory 
server  to  make  them  work.  Even  then,  we 
continued  to  have  problems  with  Syman¬ 
tec’s  LDAP  implementation,  including  poor 
connectivity  and  obscure  error  messages. 

If  you  are  using  LDAP  in  any  other  form, 
you’ll  want  to  go  with  F5,  NetScreen  or 
Nokia.  We  managed  to  trip  up  NetSscreen 
and  find  an  LDAP  configuration  it  couldn’t 
handle, but  technical  support  had  a  fix  for  it. 
All  three  of  those  products  had  sufficiently 
generic  LDAP  implementations  to  work  with 
a  variety  of  environments  and  schemas. 

Because  SSL,  in  general,  is  based  on  cer¬ 
tificates,  we  expected  these  products  to  be 
excellent  in  their  support  of  public-key 
infrastructure  (PKI).  But  we  were  disap¬ 
pointed  because  only  Nokia  supported 
certificates  for  authentication  (and  even 
then  didn’t  include  support  for  Certificate 
Revocation  Lists,  which  are  required  for 
any  good  PKI  implementation). 

F5,  NetScreen  and  Whale  did  make  use  of 


client-side  certificates  for  additional 
authentication,  but  not  as  a  primary 
authentication  method.  For  example, 
Whale  has  the  concept  of  a  “trusted  end¬ 
point,"  a  user  who  not  only  authenticates 
but  also  presents  a  certificate.  In  defining 
access  control  in  Whale’s  configuration, 
you  can  differentiate  between  users  who 
have  a  certificate  and  those  who  don’t.The 
idea  is  that  a  user  will  log  on  from  home,  at 
his  home  PC,  and  have  his  certificate; 
because  he  is  trusted,  he  can  be  given  a 
higher  level  of  access  than  when  he  logs  on 
from  someone  else’s  PC  or  an  Internet 
kiosk,  where  his  certificate  won’t  be  pre¬ 
sent.  F5,  NetScreen  and  Nokia  all  offer  a 
similar  configuration  option. 

Reporting  and  logging 

As  security  appliances,  we  expected 
these  SSL  gateways  to  have  strong  auditing, 
logging  and  reporting  features.  We  wanted 
to  see  audits  of  every  change  to  the  config¬ 
uration.  We  wanted  session  data,  showing 
when  users  logged  on,  logged  out  and  how 
much  resource  they  had  consumed.  And 
we  wanted  transaction  data,  every  single 
Web  page  going  through  the  system,  if  not 
for  accounting  then  at  least  for  debugging 
and  usage  analysis. 

F5  exceeded  our  expectations.  In  addi¬ 
tion  to  all  the  logging  we  wanted,  the  F5 
gateway  also  was  smart  enough  to  auto¬ 
matically  push  its  logs  up  to  a  server  some¬ 
where  else,  using  FTP  SMTP  or  a  secure 
copy  NetScreen,  Nokia  and  Symantec  all 
gave  acceptable  levels  of  logging  with 
some  associated  bells  and  whistles.  Nokia 
had  more  than  a  dozen  subsystems  that 
you  could  individually  change  logging  on, 
or  you  could  pick  particular  users  and 
applications  and  increase  the  level  of  log¬ 
ging  either  for  debugging  purposes  or  just 
to  keep  a  closer  eye  on  parts  of  the  system. 
This  was  a  nice  enterprise-level  feature, 
where  it  might  not  be  practical  to  turn  up 
high  logging  on  a  production  system  just  to 
help  catch  one  problem. 

Getting  the  log  files  off  of  the  SSL  VPN 
gateway  is  always  going  to  be  a  bit  tricky. We 
were  disappointed  that  no  one  included 
RADIUS  accounting,  even  though  everyone 
used  RADIUS  for  authentication.  Some  sys¬ 
tems, such  as  NetScreen  and  Symantec,  nat¬ 
urally  wanted  to  push  logs  up  using  SYS- 
LOG.  Without  careful  planning,  this  would 
overwhelm  a  normal  SYSLOG  server,  mix¬ 
ing  error  messages  with  accounting  infor¬ 
mation.  Symantec  has  a  good  answer:  It  lets 
you  pick  different  SYSLOG  hosts  for  differ¬ 
ent  services.  Network  managers  might  pre¬ 
fer  to  simply  pull  accounting  data  off  the 
appliances  themselves  using  a  script, which 
is  how  Nokia  and  Whale  serve  it  up. 

We  were  also  interested  in  real-time  infor¬ 
mation.  Although  F5  had  an  excellent 
showing  in  this  area,  Symantec  also  won 
our  admiration  for  its  graphics  and  report¬ 
ing,  not  only  showing  who  was  logged  on, 
but  also  how  the  system  itself  was  perform¬ 
ing.  A  dashboard  showing  multiple  graphs 
would  have  been  a  nice  addition,  but 
knowing  what  the  CPU,  memory  and  I/O 
load  are  will  be  great  for  any  network  man¬ 


Most  products  cover  the  main  bases,  but  there  are  subtle  differences 
in  the  details.  This  chart  only  indicates  claimed  support,  not  the  results 
of  our  interoperability  testing.  In  our  tests,  LDAP  is  a  particular  problem 
because  of  the  variation  in  databases,  so  check  compatibility  with  your 
schema  carefully. 
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you  can  use  them  to  supplement  other  authentication  methods. 
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ager  who  has  to  worry  about  performance. 
Netilla  had  a  similar  graphing  capability  for 
performance  data.  Whale  caused  us  some 
concern  because  its  real-time  information 
tools  didn’t  seem  to  work  correctly  Even 
during  the  light  load  our  testing  presented, 
we  could  see  that  some  events  were  being 
lost  out  of  the  real-time  displays. 


Picking  a  product 

It’s  difficult  to  pick  an  obvious  favorite. 
While  we  were  not  overly  excited  by  the  AEP 
Netilla  or  Whale  offerings  overall,  each  has 
its  own  strengths.  Whale  includes  a  sophisti¬ 
cated  application  layer  firewall.  Netilla  has 
the  most  extensive  set  of  application  transla¬ 
tion  functions.  However,  these  products 
looked  more  like  they  had  been  wedged 
into  the  SSL  VPN  gateway  space  and  will  be 
most  appropriate  when  application  require¬ 
ments  call  for  their  specific  strengths. 

F5  holds  our  admiration  for  its  easy-to-use 
interface  and  strong  product.  But  it  seems 
particularly  weak  in  access  control,  some¬ 
thing  the  product  management  team  told 
us  it  is  working  on  for  future  versions. 

The  NetScreen,  Nokia  and  Symantec 
development  teams  all  had  done  serious 
thinking  about  SSL  VPNs  from  scratch,  and 
their  products  are  sprinkled  with  bits  and 
pieces  showing  that  they  have  spent  a  fair 
amount  of  time  in  the  trenches  getting  this 
to  work  and  understanding  the  tough  issues. 


Snyder  is  a  senior  partner  at  Opus  One  in 
Tucson,  Ariz.  He  can  be  reached  at  joel. 
snyder@opusl  .com. 


Thanks 

Thanks  to  all  the  vendors  that  loaned 
us  software  and  hardware  to 
complete  this  review.  Those  include 
Apple,  for  loan  of  a  Powerbook  for 
client  tests;  Avocent,  for  loan  of  an 
AMX  KVM  switch;  Macromedia,  Altio, 
IBM,  Microsoft,  Ipswitch  and  Citrix 
for  assisting  with  installation  and 
configuration  of  their  applications; 
and  VMware  (soon  to  be  EMC)  for 
use  of  GSX  Server  to  run  multiple 
applications. 


Global  Test  Allian& 


■  Snyder  is  a  member  of  the  Network 
World  Global  Test  Alliance,  a  cooperative  of 
the  premier  reviewers  in  the  network  in¬ 
dustry,  each  bringing  to  bear  years  of 
practical  experience  on  every  review.  For 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 
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Let’s  get  physical 

IT  security  must  include  locked  doors  and  premises  protection,  not  just  firewalls. 


■  BY  TIM  GREENE 

Wells  Fargo  bank  offered  $100,000  in  November  to  catch  a  thief 
who  stole  the  Social  Security  numbers  and  account  information 
of  thousands  of  bank  customers.  While  the  crime  sounds  like 
something  that  a  clever  hacker  might  pull,  in  this  case  the  crook 
did  his  work  the  old-fashioned  way  —  he  broke  into  a  consul¬ 
tants  office  and  walked  off  with  his  computer. 


This  story  which  had  a  happy  ending  for 
the  bank  and  its  customers,  points  to  the 
need  for  IT  security  professionals  to  pay 
attention  to  the  “guns  and  dogs”  physical 
security  that  surrounds  their  networks.  No 
amount  of  firewalls,  encryption  or  access 
lists  can  stop  a  criminal  who  gets  into  a 
server  room. 

“IT  guys  really  have  to  think  about  what’s 
protecting  their  data.  How  much  of  that  is 
Cisco  or  Microsoft  or  IBM,  and  how  much 
of  that  is  Pinkerton  or  Brinks?”  says  Phil 
Libin,  president  of  CoreStreet,  a  vendor 
that  makes  equipment  to  control  access  to 
buildings  and  networks. 

Once  intruders  with  know-how  are  left 
alone  with  machines,  the  game  is  pretty 
much  over.“l  can  have  a  hard  drive  out  of 
a  computer  within  5  minutes,”  says  Bill 
Farwell,head  of  the  digital  forensics  prac¬ 
tice  at  Deloitte  Touche.  Keeping  data 
thieves  away  from  your  machines  is  key 
and  requires  learning  more  about  secur¬ 
ing  hardware,  rooms,  buildings  and  cam¬ 
puses,  he  says. 

Interest  in  this  convergence  of  corporate 
security  is  growing.  At  a  fall  Computer 
Security  Institute  conference,  a  session  on 
general  security  trends  was  booked  in  a 
room  with  seats  for  about  20.  About  120 
people  showed  up  eager  to  discuss  physi¬ 
cal  security,  says  session  moderator  Terri 
Curran,  information  security  officer  for  the 
Center  for  Digital  Forensic  Studies  and  for¬ 
mer  chief  security  officer  at  Gillette. 
Government  regulations  on  privacy  in 
healthcare  and  accountability  in  financial 
institutions  are  spurring  this  interest. 
Protecting  data  is  no  longer  a  business-by- 
business  decision;  it  can  be  the  law. 

One  hurdle  to  leap  is  that  people  in 
charge  of  building  security  and  those  in 
charge  of  IT  security  come  from  different 
cultures.  Many  traditional  security  chiefs 
are  retired  cops  who  apply  their  knowl¬ 


edge  of  personal  safety  to  a  business.  IT 
security  people  worry  more  about  who 
can  break  into  a  network  electronically, 
Curran  says. 

Vulnerabilities  can  lie  in  the  seams 
between  these  realms,  says  Andrew 
Stewart,  the  security  practice  lead  for 
Intellinet,  a  network  services  consultancy 
For  instance,  a  financial  institution  he 
worked  with  had  network  terminals  inside 
conference  rooms  located  off  a  busy 
lobby  guarded  by  a  lone  receptionist. The 
IT  staff  didn’t  consider  that  the  room  was 
unsecure  and  the  physical  security  people 
didn’t  consider  that  a  valuable  asset  was 
being  exposed.  “Many  IT  security  people 
are  locked  into  the  mindset  of  thinking 
about  virtual  domains  and  not  physical 
domains,”  he  says. 

More  and  more  security  professionals 
recognize  this  and  are  seeking  dual  certi¬ 
fication,  Curran  says.  One  is  the  Certified 
Protection  Professional  granted  by  the 
American  Society  of  Industrial  Security 
for  physical  security  expertise.  The  other 
is  the  Certified  Information  System 
Security  Professional  issued  by  the 
Information  Systems  Security  Certification 
Consortium2. 

Short  of  that,  individuals  can  start  to 
think  differently,  Farwell  says.  Physical 
security  should  be  looked  at  as  a  series  of 
concentric  perimeters,  with  each  layer 
more  secure  than  the  previous  one.  What 
belongs  in  which  circle  depends  on  the 
value  the  corporation  places  on  it.  A  Web 
server  that  contains  only  corporate  public 
information  might  have  a  lower  value  than 
one  on  which  customers  buy  products.“lf 
somebody  steals  a  server,  it  costs  $10,000 
or  $30,000  [for  the  machine],  but  it  might 
represent  $5  million  in  lost  revenue.  You 
have  to  identify  your  assets.  What  are  your 
crown  jewels?”  he  says. 

Once  ranked, assets  have  to  be  protected 


Tips  for  extending 
network  security 


To  keep  your  business 
data  safe,  consider  the 
physical  settings  in  which 
your  networks  live  and  the 
people  who  access  them.  Here  are 
some  suggested  steps  to  take: 


accordingly  “You  think  access  control,” 
Farwell  says.  “At  the  first  layer  you  have  a 
key-card  door.  At  the  second  door  you 
need  a  key  card  plus  a  PIN.” 

When  outside  help  needs  to  get  in  for 
upgrades  and  repairs,  authorized  staff 
must  watch  them  at  all  times. 

Screening  those  with  cards  and  PINs  is 
just  as  important,  Curran  says.  “Hardened 
facilities,  man-traps,  biometrics  are  fine.You 
also  have  to  check  the  backgrounds  of  peo¬ 
ple  you  let  into  the  facility  she  says.  Some¬ 
one  with  a  criminal  past  obviously  would 
be  excluded.  But  a  firewall  expert  with 
phony  credentials  can  be  just  as  danger¬ 
ous,  even  if  he  fouls  things  up  out  of  incom¬ 
petence  rather  than  bad  intent,  she  says. 

Implementing  an  overarching  security 


policy  is  essential  and  might  require  a 
chief  security  officer  who  has  responsibil¬ 
ity  for  both  the  safety  of  personnel  and 
property  as  well  as  network  security, 
Stewart  says. 

“When  I  ask  who  is  in  charge  of  network 
security,  1  often  hear  that  it’s  part  of  every¬ 
body’s  job.  But  unless  somebody  is 
accountable  for  security,  it  won’t  get  done,” 
Stewart  says.  “Security  is  about  account¬ 
ability  —  whose  fault  is  it  when  something 
occurs  that  should  not  occur." 

Even  with  someone  clearly  in  charge,  it’s 
tough  to  know  whether  things  are  working 
well.  No  successful  attacks  could  mean 
either  none  were  tried  or  that  some  were 
tried  and  all  were  defeated.  Companies 
don’t  know  whether  they  have  enough 
security  until  something  goes  wrong  and 
they  find  out  they  didn’t  have  enough, 
Stewart  says. 

In  the  case  of  Wells  Fargo,  the  data  was 
on  the  computer  of  a  consultant  and  was 
outside  bank  facilities.  In  hindsight,  it’s 
easy  to  see  that  if  the  data  was  allowed  on 
that  computer,  that  computer  should  have 
been  secured. 

Luckily,  the  burglar  apparently  stole  the 
computer  for  the  hardware  and  software, 
not  for  the  value  of  its  contents.  When  the 
suspect  used  the  computer’s  AOL 
account,  investigators  traced  the  connec¬ 
tion  to  his  house  where  they  found  the 
missing  machine  and  made  an  arrest. 

It’s  a  happy  ending  to  a  story  that  need 
not  have  started  at  all  if  a  tighter,  con¬ 
verged  security  plan  was  in  place.* 


Cross-train  physical  security  staff 
with  IT  security  staff  so  they  all  think 
outside  their  respective  boxes. 


Consider  giving  a  security  officer 
authority  over  both  physical  and  IT 
security. 


Don’t  use  unsecure  protocols  on  your 
internal  network  because  a  physical 
security  breach  will  leave  it  vulnerable. 


Shore  up  or  shut  down  network  access 
points  in  public  areas  such  as  lobbies 
and  lounges. 


Train  staff  in  security  procedures  so 
they  don’t  leave  keys  and  PINs  lying 
around  where  someone  can  access 
them. 


Never  leave  consultants  and  other 
"outsiders”  alone  in  sensitive  areas 
such  as  switch  rooms  and  data 
centers. 


Carefully  screen  the  credentials  of  all 
IT  staff. 
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Custom  Management  Levels 


Test-drive  the  new  Observer  9.0  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-7919  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 


Remote  &  Hardware  Options 


REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 


EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

•  Expert  Analysis 

•  Connection  Dynamics 


Introducing  Observer  9.0 


GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  buffer 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 

•  Now  over  450  Expert  Events 

•  SNMP,  RMON  and  now  HCRMON  support 


OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RM0N1,  RM0N2,  HCRMON 

•  Web  Publishing  Reports 
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One  Network  Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 
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Instantly  Search  Gigabytes  of  Text  Across 
II  t9VClV%ll  a  PC,  Network,  Intranet  or  Internet  Site 


Publish  Large  Document  Collections 
to  the  Web  or  to  CD/DVD 

♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML,  &  PDF  while  displaying  embedded 
links,  formatting  &  UnTWItM 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 


‘The  most  powerful  document  search  tool  on  the  market” 

-Wired  Magazine 


‘intuitive  and  austere  ...  a  superb  search  tool”  -PC  World 


‘Blindingly  fast”  -Computer  Forensics:  Incident  Response  Essentials  J 
‘A  powerful  arsenal  of  search  tools”  -The  New  York  Times 


dtSearch  “covers  all  data  sources ...  powerful  Web-based 

engines”  -eWEEK 
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“Searches  at  blazing  speeds”  -Computer  Reseller  News  Test  Center  J 

In  the  past  two  years,  over  half  of  the  Fortune  15  purchased 
dtSearch  developer  or  network  licenses. 

1-800-IT-FINDS  See  www.dtsearch.com  for: 

sales@dtsearch  .com  ♦  hundreds  of  developer  case  studies  &  reviews 

♦ fully-functional  evaluations 


IdtSearch 


Industrial-strength.. 
superb"-pc  Magazine 


Industrial-strength.. 
Superb"-PC  Magazine 


dtSearch 


'Industrial-strength  ... 
Superb"-PC  Magazine 


♦  $999i  Denser, ver* 


for  CD/ DVDS 


dtSearch 


gddtSearch 
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♦  for  Win  &  .NET 
♦  for  Linux 

♦  call  for  pricing 


Network 
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«;iJDerb"-PC  Magazine 


Industrial-strength 


-PC  Magazine 


♦  from  $2,500 


♦  from  $800 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


Fingerprint  Authentication  Scanner  Enterprise  KVM  Solutions  Advanced  Console  Servers  Network  Management  Gateway 

AlterPatlTBio  AlterPath'“ICVM  AlterPath,MACS  AlterPath™  Manager 

Cyclades  data  center  management  solutions  offers  a  full  range 
of  security  features  across  its  entire  product  line  of  console  servers, 
power  management,  KVM,  biometric  scanner  and  network  management 
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 


Intelligent  Power  Distribution  Units 

AlterPath'MPM 


For  a  FREE  white  paper  on  data  center  security,  please  visit  us  at  www.cyclades.com/securitywp 
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Everywhere  with  Linux 
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CrystalView™  Mini 
CAT 5  KVM  EXTENDER 

♦  Extends  KVM  station  up  to  150 
feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 


CrystalView™ 

CAT 5  KVM  EXTENDER 

♦  Extends  your  KVM  station  up  to 
1000'  from  your  computer 

♦  Supports  PC,  Sun,  or  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 


UltraLink™ 
REMOTE  KVM  ACCESS  OVER  IP 

i  Connect  to  remote  computer  over  Ethernet  or  dial-up 

■  Single,  dual,  quad  models 

■  Local  KVM  port  to  access  computers  at  UltraLink  unit 

■  Modem  port  with  dial-back  security 

s  Up  to  1280x1024  resolution,  supports  all  platforms 

Easy  to  install,  give  it  an  IP  address  and  run  the 
remote  client,  no  licensing  required 

■  Scaling  of  computer  image  reduces  amount  of  data 
sent  and  permits  fast  screen  updates  over  slow  links 

m  Quad  screen  mode  allows  you  to  see  four  servers 
from  one  screen 

h  SSL  security  and  passwords  prevents  unauthorized 


♦  Up  to  1280x1024  resolution  ♦  Up  to  1600  xl  200  resolution 

♦  Available  as  standalone,  rack 
mounted,  or  high  density  chassis 


CrystalView™  Pro 
DIGITAL  KVM  EXTENDER 
OVER  FIBER  OR  CAT  5 

♦  Extends  KVM  signals  up  to  33,000 
feet  away 

♦  Uses  only  two  fibers  or  single  Cat  5 

♦  Supports  DVI/VGA,  PC,  Sun,  USB. 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1 200  resolution 


CrystalView™  Rack 
CAT 5  KVM  EXTENDER 

♦  Extends  the  distance  from  6  or  1 2 
PC's  up  to  1 000  feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1600x1200  resolution 


Rose  Electronics  ■  10707  Stancliff  Road  •  Houston,  Texas  77099 
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MAKE  IT  HAPPEN. 


Remote  Monitoring  Solutions 

RMON  and  HCRMON  Probes 

You  want  remote  monitoring  solutions  for  visibility  into  every  part  of  your  network.  With 
RMON  and  HCRMON  Probes  from  Network  Instruments,  it’s  easy.  Convert  any  PC  into  a 
complete  remote  network  monitoring  data  collection  device.  Use  the  RMON  appliance 
(available  in  1U  and  4U  systems)  for  a  full  turn-key  solution.  Call  800-526-7919  for  more 
information  or  visit  our  website  at  www.networkinstruments.com/RMON. 


Full  compliance  with  RM0N1 ,  RM0N2  and  HCRMON 
High  capacity  RMON  Probes  provide  full-duplex  Gigabit 
capture  compatible  with  any  RMON  management  console  or 
collection  facility  (Observer,  OpenView,  Concord 
NetScout1,  Micromuse™) 

Complete,  industry  standard,  software- based  probes  for 


Windows  2000/XP 


Software  based,  non-dedicated  data  collection 
Compatible  with  Network  Instruments’  optimized  ErrorTrak™ 
NDIS  drivers,  which  display  true  errors-by-station. 


One  Network  Complete  Control 


Wired  to  Wireless  •  LAN  to  WAN 
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We  Buy  New/Used 

CISCO 


714-878-2953 

Call  us  today  to  recover 
your  assets 


You  got  the  gear ; 
we  got  the  cash! 
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Web  Based  Boot  Bar 


Yes,  you  can  Switch 
Power  over  the  Internet 


Servers,  routers,  and  other  electronic  equipment  sometimes 
“lock-up,”  often  requiring  a  service  call  to  a  remote  site  just  to  flip 
the  power  switch  to  perform  a  simple  reboot... 

The  NBB  “Mini”  Boot  Bar  Power  Switch,  gives  you  the  ability  to 
perform  this  function  from  anywhere! 

■  Web  Browser  Access  for  Easy  Operation 

■  Telnet  and  Serial  Access 

■  Encrypted  Password  Security 

■  Five  Individual  Outlets 

■  Power-up  Sequencing 

■  On  /  Off  /  Reboot  Switching 

■  Versatile  Zero  U  Mounting 
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NETWORK  BOOT  BAR 

LOCATION:  NBB  Live  Demo  Unit 

SWITCH  PANEL 

Firmware  Version:  1.01 

Plug  Name 

Status 

On 

Off 
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1  ServerJ 
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Plugs 

Setup  |  Log  Out  | 
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Apply  j 

Cancel  | 
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www.wti.com 


(800)  854-7226 


western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  926  1  8-25  1  7 


"Keeping  the  Net.. .Working!" 


NORTEL 

NETWORKS 

®  Juniper  CISCO  SYSTEMS 
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^  Bay  Networks  -  m 


BayStack  450-24T 
Good  as  New  $495.00 


BayStack  470-48T 
L  New  $2,195.00 

>  $395.00j£_ 


NEW  AL2033005 
I  450-1SX  1PORT  SC  1000BSX  MDA 


800-503-1350 


Network  Resource  Solutions,  Inc. 
SALES@NETWORKRS.COM 


www.usednortelnetworks.com 


GBlC's/Cniiles/Parts 

Also  Available:  Extreme,  Adtran 

In  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 

The  ni  Network  Remarketer 

952*835*5502 

Fax  952-835-1927  www.comstarinc.com 


See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage 
Leather  goods 
Gifts 
Pens 
Clocks 
Lighters 
8  Games 
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CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


Cisco 

WS-C1924G-EH  Roq.  $350 


Fax  Equipment  List 
To  801-377-0078 

NORTEL 

NETWORKS 


Bay  Networks 

CllCOSTtTMiS 
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Cisco  2501  Rag.  $275 
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_ systems 


888-8LANWAN  8M& 

Call  for  Fret  Quote!  (888-852-6926)  www.nle.com 
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Contact  these  companies  today  to  help  you  with  your  training  needs! 

IPexpert,  Inc, 

(866)  225-8064 
I  www.ipexpert.net 
CCIE  (R&S,  SEC,  and  C&S),  CCSP, 
CCNP,  CCNA,  IP  TELEPHONY 


Learnkey,  Inc* 

(800)  865-0165 
|  www.leamkey.com 
Self-paced  online  CD  network 
|  certification  developer  bus/apps 


I  Transcender 

(615)  726-8779 
I  www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
I  www.cbtnuggets.com 
Affordable  training  videos  on  CD. 

MCSE,  MCDBA,  MCSD,  CCNA,  Citrix,  Linux,  A+,  Net+ 


inJJ  Inliii  dii-jnb  ni  (DUUJ  Hiiii-  J  JUi) 


NetSmart  Learning  Partner 


it  careers 


it  careers.com 


DATABASE  ENGINE  DESIGN- 
ER/DEVELOPER-Quantit- 
atively-based  Financial  Manage¬ 
ment  firm  seeks  Database 
Engine  Designer/  Developer 
Duties  include  development  and 
maintenance  of  proprietary 
database  engines,  databases 
for  Company's  computer-  driven 
trading  systems  and  supporting 
accounting  systems  (including 
equities,  options  and  futures 
databases),  reporting  programs 
and  utilities.  PH  D.  in  Computer 
Science  required.  Will  accept 
candidates  with  Master’s  degree 
and  two  years  experience  in  job 
duties.  Salary  according  to 
experience  Mail  resume  to: 
RTC;  600  Route  25A,  East 
Setauket,  NY  11733,  Attn:  RM 

Mphasis  Corporation  has  mul¬ 
tiple  openings  for  the  follow¬ 
ing  positions  at  its  offices  in 
New  York,  NY,  Memphis,  TN, 
Houston.  TX  and  unanticipat¬ 
ed  client  sites  throughout  the 
U.S.:  Programmer  Analyst, 
Software  Engineer,  Project 
Manager,  Management  An¬ 
alyst,  Sales  Engineer,  Bus¬ 
iness  Development  Manager, 
Finance  Manager.  Please 
send  resume,  salary  history 
and  position  applied  for  to  444 
Park  Avenue  South,  Suite 
#503,  New  York,  NY  10016, 
Attn:  H.R.  Manager. 

Oracle  Application  Developer  for 
IT  consulting  company  in 
Fairport,  NY.  Requires  minimum 
two  years  experience  using  SQL 
and  PL/SQL  tools  to  design, 
develop,  troubleshoot  and 
enhance  Oracle  financial  appli¬ 
cations,  including  evaluating  and 
analyzing  user  requirements, 
investigating  and  resolving 
application  issues,  developing 
functional  specifications  for 
enhancements,  customizing  and 
testing  application  upgrades, 
and  developing  and  modifying 
Oracle  financial  module  forms, 
reports  and  operational  proce¬ 
dures.  Send  resume  to  Morgan 
Patric,  Ciber  Inc.,  345  Woodcliff 
Drive,  Fairport,  New  York  14450. 

Sys.  Analyst  to  convert  data 
from  AutoCAD  to  GE  Small- 
world  Customize  GE 

Smallworld  for  Telecom  utility 
networks.  Monitor  objects  in 
PNI  Network  &  ensure  connec¬ 
tivity.  Develop  software  for 
CATV  Design  in  GE  Smallworld. 
Design,  code,  test  &  implement 
Web  based  GIS  solution  for 
Cable  industry  on  Java  to  dis¬ 
play  location  info,  of  fiber,  equip¬ 
ment.  maps,  &  other  geospatial 
data.  BS  in  Comp.  Appls.  +  1  yr 
exp.  In  job  duties.  Also,  1  yr. 
exp.  on  GIS  projects  in  GE 
Smallworld/  Magik.  Comp. 

Salary.  Apply  to:  IMMCO,  11138 
State  Bridge  Road,  #  200, 
Alpharetta,  GA  30022  with  proof 
of  permanent  work  auth. 

System  Analysts  needed. 
Seeking  qual.  candidates  pos¬ 
sessing  BS  or  equiv.  and/or  rel. 
work  exp.  Part  of  the  req.  rel. 
work  exp.  must  include  1  yr 
working  w /  Coldfusion  &  XML. 
Certified  Coldfusion  developer 
preferred.  Duties  include: 
Develop  systems,  databases,  & 
Coldfusion  templates;  Analyze 
user  needs  &  implement 
enhancements.  Work  w  / 

Coldfusion,  XML,  &  SQL  Server. 
Send  res.,  ref.,  &  sal.  req.  to 
Pyramid  Consulting  Inc.,  5335 
Triangle  Parkway,  #510, 

Norcross,  GA  30092. 

Software  Engineers  to  analyze, 
design  develop  appls  using 
VC++,  C++,  VB,  Java,  Java¬ 
Script,  XML.  HTML,  COM/ 
DCOM.  ASP,  Oracle,  IIS,  DLL, 
TCP/IP  under  Windows/UNIX 
OS;  perform  system/functional 
req  analysis;  document  detailed 
project  spec  and  review  concep¬ 
tual  model  with  users;  provide 
training/support  for  related  appl 
software;  perform  debugging/ 
modifications  of  existing  soft¬ 
ware.  Require:  MS  or  foreign 
equiv.  in  CS/Engg.  (any  branch). 
High  Salary.  F/T.  Travel 
involved.  Respond  to:  HR, 
Mindspan  Systems,  Inc.,  6050 
Peachtree  Parkway,  Suite  240- 
214,  Norcross,  GA  30092. 

Data  Recovery  Engineer  for 
computer  data  recovery  and 
engineering  company  in 

Schaumburg,  IL.  Requires  mini¬ 
mum  two  years  experience  diag¬ 
nosing.  repairing  and  recovering 
damaged  data  in  Windows  and 
Mac  environments  including 
recovering  data  from  damaged 
magnetic  and  optical  media  and 
RAID,  file  systems,  mail  and 
SQL  database  systems  and 
using  C++  to  develop  software 
for  data  recovery  procedures. 
The  position  is  located  primarily 
in  Schaumburg,  IL  with  5% 
domestic  travel.  Send  resume  to 
David  Foster,  ActionFront  Data 
Recovery  Labs  Inc.,  1501  E. 
Woodfield  Rd.,  Ste  201 N, 
Schaumburg,  IL  60173. 

NETWORK/NETWARE 

ADMINISTRATOR  want¬ 
ed  by  MRI  centers  in 
Houston,  TX.  Must  have 
degree  or  its  equivalent 
through  proper  evalua¬ 
tion,  plus  exp.  Respond 
by  resume  only  to:  Ms.  F. 
Pahlavan,  M/B  -  #10, 
Universal  MRI  and 
Diagnostics,  Inc.,  3115 
West  Loop  South  #2, 
Houston,  TX  77027. 

.Net,  C#  IT  Professionals 

Reahum  Resources  is  seeking 
software  architects  and  software 
engineers  with  college  degree  or 
equivalent  combination  of  edu¬ 
cation  and  experience  in  com¬ 
puter  science/  EE  background, 
to  provide  consulting  services  to 
our  clients  in  various  undeter¬ 
mined  locations  throughout  the 
country.  We  require  5  yrs  of 
experience  including  projects 
involving  combination  of  one  or 
more  VB.Net,  VC++.Net,  C  #, 
SQL  2000.  Send  resume  to 
Sara,  Reahum  Resources, 
13911  Ridgedale  Dr.,  Ste.  300A, 
Minnetonka,  MN  55305. 

Computer 

AlphaSoft  Services  Corp.  is  a 
rapidly  growing  systems  integra¬ 
tion  &  software  development  ser¬ 
vices  provider.  We  are  currently 
recruiting  for  the  following  FT 
openings  in  Walnut  Creek,  CA: 

'Software  Engineers 
'Computer  Programmers 
‘Project  Engineers 
*Jr.  Project  Engineers 

All  positions  may  require  travel 
and/or  temporary  relocation.  For 
more  information,  please  visit  our 
website  at  www.alphasoftser 
vices.com.  Apply  by  mail  to  HR, 
2121  N.  California  Blvd.  #350, 
Walnut  Creek,  CA  94596,  (925) 
932-3743  -  fax.  or  email 

ITJOBS@alphasoftservices.com. 

Aero  Service  is  looking  for  MIS, 
Programmer/System  Analysts, 
Software,  Electrical,  Industrial  or 
Project  Engineers,  Tech  Re¬ 
cruiters.  Bachelor  or  Master 
degrees  and  experience  re¬ 
quired  depending  on  positions. 
Please  send  resumes  to  cor- 
pjobs@acrocorp.com  EOE.  No 
phone  calls. 

System/Programmer  Analysts, 
Software/Project  Engineers  or 
other  IT  professionals  wanted  by 
Imetris,  an  e-business  solutions 
provider.  MS/BS  &  exp.  re¬ 
quired.  Skills  in  Oracle,  SQL, 
Java,  SAP,  PeopleSoft,  ERP 
tools  preferred.  Competitive 
wages.  Please  contact 

info@imetris.com.  EOE. 

Software  Dev.  Co.  req.  Software 
Engineer  w/MS  &  lyr  exp.  & 
Programmer  Analyst  w/BS  &  24 
mos.  EXP.  in  foil:  Visual  Basic, 
Oracle,  PowerBuilder,  Sybase, 
Java,  Unix,  C++,  AS/400,  SQL 
Serv.,  Synon,  Cobol,  Lotus 
Notes,  SAP,  Java  Script,  HTML, 
DB2,  Corba,  CICS,  ILE,  RPG, 
EJB,  Siebel,  JD  Edwards, 
Weblogic,  Rational  Rose.  Equiv. 
Deg.  &  exp  also  accepted. 
Travel  &  Relocation  req.  any¬ 
where  in  U.S.  Send  res.  to  Attn: 
Recruiter,  Allied  Informatics, 
Inc.,  2797  Praire  Avenue,  Suite 
16,  Beloit,  Wl  53511. 

Optimal  Solutions  Inte¬ 
gration,  Inc.  has  multiple 
openings  for  SAP  and  i2 
Consultants,  Software 
Analysts  and  System 
Analysts.  Please  send 
resume  with  salary  history 
and  requirements  to 
Optimal  Solutions  Integ¬ 
ration,  8445  Freeport 
Parkway  #240,  Irving,  TX 
75063.  Open  to  Green 
Card  holders  or  US 
Citizens. 

Internet  company  seeks 

PhD  Research  Engineers 

responsible  for  innovative 

research.  Interested  appli¬ 
cants  should  send  resumes 

to:  K  Wolfe;  1501  Salado; 

Mt.  View,  CA  94043.  Visit 

www.google.com  for  addi¬ 
tional  information. 

Meridian  Technologies  looks  for 
IT  professionals  for  various  posi¬ 
tions  in  the  area  of  Oracle,  SAP, 
SQL,  Java,  Web  applications, 
Unix,  etc.  Candidates  must  have 
BS  or  equivalent  with  some  IT 
experience.  Travel  required  for 
some  positions.  Please  contact 
marali@meridiantech.net.  EOE. 

ANA  Associates  has  openings 
for  software  engineer,  system/ 
programmer  analyst.  Qualified 
applicants  must  have  BS  with  1- 
yr  exp.  Skills  in  Java,  VB, 
Oracle,  SQL,  web  technology 
are  strong  plus.  We  are  small 
but  stable.  Competitive  wages 
Apply  at  anees@anaconsult- 
ing.com.  EOE. 
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Software  Analyst  required  by  IT 
company  head  office  in  New 
Jersey,  for  an  opening  in 
Greensboro,  NC  for  now.  but 
with  various  unanticipated  loca¬ 
tions  within  the  U.S.  Applicants 
must  have  bachelor’s  degree  in 
Computer  Science  or  Electron¬ 
ics  Engineering  (or  foreign  equi¬ 
valent)  with  min  5  yrs  overall 
exp.  Required  skills  includes 
strong  BroadVision  (6.0  and 
above),  ABAP/4  (IDOC/BDC/ 
RFC/BAPI,  SAP  4. OB  and 
above),  C++,  JAVA,  and  XML  on 
UNIX.  Must  be  able  to  design 
and  develop  SAP  interfaces 
using  ABAP/4.  IDOC's  ,  BAPI 
with  BroadVision  Retail  Com¬ 
merce  6.0  Must  able  to  use 
Dom/SAX  Parser,  C++  and 
BroadVision  API  to  create  back¬ 
end  Unix  services.  Please  send 
resumes  to  P.  Maggon,  Artech 
Information  Systems,  60B 
Columbia  Road,  Morristown,  NJ 
07960. 


Software  Engineers  to  provide  in 
depth  analysis,  design,  develop¬ 
ment  and  testing  services  for 
database  development  projects; 
responsible  for  project  scoop¬ 
ing.  planning,  time  and  cost 
schedules,  quality  of  deliver¬ 
ables;  study  and  evaluate  new 
technologies  and  methodolo¬ 
gies;  provide  technical  and  busi¬ 
ness  guidance  for  complex  user 
problems;  guide  team  by  provid¬ 
ing  methodologies  to  be  fol¬ 
lowed;  interact  with  clients  on 
project  related  issues. Require: 
Master's  degree  or  its  foreign 
equiv  in  CS/Engineering  (any 
branch)  or  related  field,  compet¬ 
itive  salary,  F/T.  Travel 
involved.  Resumes  to:  HR, 
Fourth  Technologies,  Inc,  1333 
Lawrence  Exp  way,  #  455,  Santa 
Clara,  CA  95051. 
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Programmer  Analyst.  Sought  by 
Englewood  Colorado  consulting 
company  to  work  in  various 
unanticipated  locations  through¬ 
out  the  U.S,  Analyze,  plan, 
develop,  test  and  document 
computer  programs  including 
network  communication  pro¬ 
grams.  Evaluate  user  requests 
and  software  program  require¬ 
ments  for  new  and  modified  pro¬ 
grams.  Write  specifications, 
code,  test  and  debug  computer 
programs.  Customize  hardware 
and  software  to  client  needs. 
Use  of  Oracle  8i,  PowerBuilder, 
Gupta/Centura  .  SQL  Windows, 
PL/SQL,  C,  C++,  Cobol,  FoxPro, 
SQL  Server  and  Windows  NT. 
Reqs.  Bachelor  or  equivalent  in 
Computer  Science,  Computer 
Engineering  or  related  degree. 
Plus  2  years  in  the  job  offered  or 
2  years  in  a  related  occupation, 
including  Software  Programmer, 
Technical  Consultant  or  Analyst 
Programmer.  $76, 000/year, 
40/hrs/wk,  8AM-5PM.  Respond 
by  resume  to  WORKFORCE 
DEVELOPMENT  PROGRAMS, 
PO  Box  46547,  Denver,  CO 
80202,  and  refer  to  Job  Order 
No.  C05064310. 


Systems  Analyst  (NYC). 
Interface  w/finl  institutions  in  US 
to  gather  systm  info  incl  capaci¬ 
ty  of  existing  systms.  Determine 
user  &  systm  reqmts,  ascertain 
internal  operating  procedures  & 
determine  proper  systms  modifi¬ 
cations  to  automate  or  improve 
existing  systms  taking  into 
account  comp  systm  capabili¬ 
ties,  workflow,  &  scheduling  lim¬ 
itations.  Write  systms  reqmts  & 
interface  w/offshore  prgmrs  in 
s/ware  dvlpt.  Oversee  rollout  of 
systms  in  US.  Utilize  PL/SQL, 
VB,  Sybase  &  VSAM.  Req  Bach 
or  foreign  equiv  in  Engg  or 
Comp  Sci  +  2  yrs  exp  in  job  offd 
or  in  related  job  of  Info  Syst 
Director.  Related  exp  must  incl 
PL/SQL,  VB.  Sybase  &  VSAM  in 
banking  or  securities  trade 
envrmt.  Fax  resume  to:  Ilya 
Bykov.  NEE  Consulting,  Inc.  @ 
212-587-1924. 


Programmer/Analyst  needed  for 
Software  Development,  Servic¬ 
es  &  BPO  firm  located  in  Bur¬ 
lington,  VT.  Job  duties  include: 
Analyze,  develop,  code,  test  and 
implement  computer  software 
applications/systems  in  client 
server  environment  for  clients 
located  along  the  east  coast. 
Use  Oracle,  Progress,  Windows 
NT  and  UNIX.  Perform  work  as 
part  of  a  team  under  direct 
supervision.  Applicant  must 
have  B.S.  degree  in  Computer 
Science,  Business.  Mathematics 
or  Engineering.  Applicant  must 
also  have  2  yrs.  exp.  in  the  job 
duties  described  above  or  in  any 
computer  related  occupation 
which  includes  the  skills  listed 
above.  40hrs/wk,  8:00am-5:00 
pm.  Mon-Fri,  $52,936/yr.  Send 
resume  &  cover  letter  to: 
Vermont  Dept,  of  Employment  & 
Training,  Job  No.  612506.  P.O. 
Box  488,  Montpelier,  VT  05601- 
0488. 


S/W  Engineers  to  analyze,  de¬ 
sign,  develop  appls  using  C++, 
Java.  HTML,  JScript,  JDBC, 
XML,  ASP,  JSP,  Visual  Source 
Safe,  SQL  Server,  Rational 
Rose,  Oracle,  Access  under 
Windows/UNIX  OS;  perform 
system/functional  req  analysis; 
document  detailed  project  specs 
and  review  the  conceptual  mod¬ 
el  with  users;  provide  training/ 
user  support  for  related  appl 
software;  perform  debugging/ 
modifications  of  existing  soft¬ 
ware.  Require:  M.S.  or  foreign 
equiv.  in  CS/Engg.(any  branch) 
with  1  yr  exp  in  IT.  High  Salary. 
Travel  involved.  F/T.  Positions 
available  in  Elgin,  IL  and  Lower 
Gwynedd,  PA.  Resume  to:  HR, 
Fourth  Technologies,  Inc.,  1108 
N.  Bethlehem  Pike,  Suite  8, 
Lower  Gwynedd,  PA  19002. 
Specify  location  desired  on 
resume. 


Computer.  Moneyline  Telerate  a 
leading  financial  information  ser¬ 
vices  firm  seeks  VP/Global 
Trading  Systems  for  NYC  office 
to  direct  /develop  software 
strategies  for  management  of 
data  distribution  systems  Rpts 
directly  to  CTO.  Req'd  BA  in 
CSc/EE/  related  area,  3  yrs  exp 
in  building  global  scalable  real 
time  equity  and/or  fixed  income 
systems,  w/full  life  cycle  dvlpmnt 
from  inception  to  delivery,  initiat¬ 
ing  devising,  monitoring,  review¬ 
ing  strategic  plans,  8  performing 
gap  analysis  to  ensure  that 
dvlpmnt  projects  meet  long- 
range  financial  goals.  7  years 
exp  req'd  w/IBM  MQ  Series, 
Ttbco  TIB  &  Rendezvous,  Hawk 
System.  Triarch.  SmartSocket, 
IP  multicast,  STAMP/FIX/JMS  & 
mathematical  optimization  algo¬ 
rithms,  data  compression  algo¬ 
rithms,  data  encryption  &  securi¬ 
ty  on  distributed  systems;  in 
overseeing  through  intermediate 
management  the  design  &  cre¬ 
ation  of  detailed  software  sys¬ 
tem  specifications;  &  in 
researching/implementing  best 
practices  in  dvlpmnt  strategies. 
No  search  firms.  Send  e-mail 
w/resume  &  comp  rqmts  to 
recruiting@moneyline.com 


Research  &  Applications  Spec¬ 
ialist  -  Dvlp  large  complex  em¬ 
bedded  real-time  systems  & 
commercial  enterprise  systems. 
Plan  &  direct  dvlpmt,  installation, 
maintenance  &  modification  of 
mission-critical  applies  on  large 
multi-user  systems.  Lead  &  pro¬ 
vide  research  &  engg  direction. 
MS  +  5  yrs  or  PhD  +  2  yrs  exp 
reqd.  Must  have  1  yr  exp  in  C,  in 
C++  &  Java,  6  mos  w/SAGE 
Integration  technologies,  1  yr  in 
DSP  using  VxWorks,  1  yr  in 
enterprise  architectures,  1  yr 
w/source  control  dvlpmt  tools,  & 
6  mos  in  dvlpg  algorithms  spe¬ 
cific  to  resource  optimization 
techniques. 

Software  Architect  -  Research, 
dsgn,  dvlp  &  test  operating  sys- 
tems-level  s/ware,  compilers  & 
n/work  distribution  s/ware  for 
embedded  real-time  &  enter¬ 
prise  applies.  MS  +  3  yrs,  BS  +  6 
yrs  or  PhD  +  1  yr  exp  reqd. 

Must  have  1  yr  exp  w/each  of 
SAGE  Integration  &  SPI  tech¬ 
nologies;  2  yrs  combined  exp 
w/embedded  systems  dvlpmt 
methodologies  &  real-time  oper¬ 
ating  systems  frameworks  incl. 
VxWorks,  PSOS. 

Competitive  Salary  &  benefits. 
Apply  to:  Human  Resources, 
Tandel  Systems  LLC,  12401 
62nd  Street  North,  Unit  201, 
Largo,  FL  33773-3786. 


Technical  Operation  Specialist 
wanted  by  Nursing  &  Rehab  Ctr 
in  IL  to  provide  tech  support  to 
Info  Systems  staff,  assist  users 
to  resolve  computer  related 
problems  such  as  inoperative 
h/ware  or  s/ware.  Reqd  Assoc 
Deg  or  equiv  in  Comp  Sci.  Will 
accept  equivalency  evaluation  of 
2  yrs  of  academic  studies 
toward  Bach  in  Comp  Sci,  or 
Training  &/or  Exp  in  Comp  as 
equiv  in  lieu  of  Assoc  deg  in 
Comp  Sci.  Respond  to  John 
Marc  Sianghio,  Administrator, 
Harmony  Nursing  & 
Rehabilitation  Center,  3919  W. 
Foster  Ave,  Chicago,  IL  60625. 
No  calls. 


Computer 

eTechnosoft  Corporation  has 
multiple  openings  for  Progra¬ 
mmer/Analyst,  Software 
Engineer,  Project  Lead/ 
Managers.  Send  resume  to: 
8700  W.  Bryn  Mawr  Avenue, 
Suite  800  South,  Chicago.  IL 
60631  or  email  to: 
resume@etechnosoft.com 


Software  Engineer 

(SL-Lfluis^MO) 

Dvelop/test/impl.  large-scale/ 
multi-tier  RDMS  applying  OOD 
in  busi.functionality.  Develop¬ 
ment  tasks  include:  server  side 
busi  logic  modules  using  Unix 
C/C++  &  SQL;  server  utilities  on 
UNIX  using  Korn  Shell/PERL 
scripts,  front-end  GUI  appls. 
using  VB  /  VC++;  statistic  mod¬ 
ules  w/  math  modeling  &  algo¬ 
rithms;  tuning/testing  (plan  & 
unit/system/regression  phases) 
using  Rational  Quantify 
/Purify/PureCov;  and  tech  spt. 
appls.  on  Access.  Require  MS 
plus  1  yr.  exp. 

Sr.  Programmer  Analyst 
(Svs.Adminl  (St,  Louis.  MOl 
Architect/impl  large-scale  infra¬ 
structure/middleware  projects. 
Tasks  include:  analyze/admin/ 
tune  F10K/E10K  Sun  Servers  in 
clustered  env.;  architect/impl. 
portals  &  appl.  servers  fr, 
Websphere/Weblogic;  impl./tune 
middleware  using  MQSeries  & 
RetrievalWare;  impl.  corp.  LDAP 
in  Oracle,  DB2  on  Solaris,  Linux, 
AIX,  Win2000/NT  &  HP-UX; 
and  architect  fraud  detection 
env.  Require  BS  plus  2  yrs.  exp. 

Programmer  (Test)  Analyst 

(Chicago,  IL) 

Design/develop  automated  test¬ 
ing  process  involving  Legacy 
System  in  mainframe/client- 
server  in  WinNT/2000  env. 
Duties  are:  analyze  busi./sys. 
reqs. /rules  and  formulate  test 
plans;  perform  sys./user  accep¬ 
tance  and  regression  testing  in 
mainframe  EDI  env.  using  FILE- 
AID,  ATTACHMATE  and  VAN- 
TIVE;  write  SQL  queries  on  data 
in  LASR-DB2,  MOR-SYBASE, 
ADAPT-ORACLE  and  WINRUN- 
NER-Access;  develop  auto  test 
scripts  using  TSL  and  batch 
tests  in  CR  and  DR  env. 
Requires  BS  plus  6  mon.exp. 

Full  time  w/  competitive  salary. 
Resume  to:  C.  Nottingham,  HR, 
NetEffects,  Inc.,  500  Chester¬ 
field  Center,  Ste350,  St.  Louis, 
MQ63017  NO  CALL/EOE 


Firmware  &  H/W  Eng  - 
(Westhampton,  NJ)  Write  dri¬ 
vers  for  SmartAntenna, 
ATSC,  SCDMA/DOCSIS, 
DAVIC,  OCAP,  DTV.  Debug 
h/w  &  s/w  for  OCAP  STB 
device  designs  using  JTAG, 
Partnet  ET-II,  Cygwin, 
SmartAntenna,  CMTS/CM, 
Matlab,  VEFtA/HDL,  Synpsis, 
OpenTV  &  DTV.  Write  FEC 
(Fteed  Solomon,  Trellis, 
Interleaver)  algorithms,  test 
benches  &  behavior  mdls  to 
verify  h/w  &  chip  design. 
Bach's  deg  in  Comp  Sci, 
Physics  or  Elect  Engrg  reqd  + 
3  yrs  exp  in  job  offered.  Snd 
resume  to  MECA/Panasonic 
Semiconductor,  550  South 
Winchester  Blvd,  Ste  300, 
San  Jose,  CA  95128,  Attn: 
Todd  Windley,  SG _ 


Vignette  Content  Management. 
Seeking  Vignette  developers 
with  strong  Java  skills  and  expe¬ 
rience  creating  Detailed  Design 
Documents  for  Vignette.  Java 
Developers.  Design  Java 
Business  Component,  Action 
Component  and  Presentation 
Component  using  OOD 
Techniques  and  state  diagrams 
using  UML.  Technical  Services 
Manager-Healthcare.  Individual 
to  participate  in  developing  and 
implementing  self  provisioning 
web-services  based  process 
automation  solutions  for  health¬ 
care  payer  industry.  Must  under¬ 
stand  third  party  requirements 
related  to  data  storage,  trans¬ 
mission  and  transactions  includ¬ 
ing  claims  adjudication.  Will 
work  with  IT  staff  and  end  users. 
Submit  resume  and  references 
to  HR  Trac  USA,  50  Carriage 
Drive  Piscataway  NJ  08854 
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SR.  VISUAL  BASIC 
CONSULTANT 

Analyzes  &  evaluates  existing  or 
proposed  software  sys.  Dvlps, 
implmnts  &  improves  programs, 
sys.  &  related  procedures  to 
process  data  using  in-depth 
knowledge  of  the  software 
dvlpmnt  life  cycle.  Encodes, 
tests,  debugs  &  installs  operat¬ 
ing  progs.  &  other  sys.  software 
utilizing  advanced  knowledge  of 
Vis.  Basic  prog  tools.  Bach, 
degree  (or  equiv.)  in  Comp.  Sci„ 
Math,  Engnrg,  Bus.  or  Com¬ 
merce  +  3  yrs  exp.  in  position 
offered  or  as  a  Software  Engnr, 
Prog.  Analyst  or  Sys.  Analyst 
reqd.  Exp.  must  ind:  (1)  Oper. 
Sys:  Windows  or  UNIX;  (2) 
Prog.  Langs:  Vis.  Basic,  ASP  & 
XML;  &  (3)  Dbases:  Oracle  or 
Sybase  or  SQL  Server.  High 
mobility  preferred.  40  hrs/wk, 
8am  -  5pm,  $64,240/yr.  Qual¬ 
ified  applicants  submit  resume 
to:  Mon  Valley  Regional  Career- 
Link,  Attn:  Actg.  CL  Program 
Supervisor,  Donora  Industrial 
Park,  570  Galiffa  Drive,  Donora, 
PA  15033.  Please  refer  to  Job 
Order  No.  WEB  380917. 


Senior  Systems  Software 
Engineer  (Milwaukee,  Wis¬ 
consin)  Research,  design, 
develop,  test  &  support  telecom 
&  data  processing  applications  & 
systems.  Apply  working  knowl¬ 
edge  of  Next  Generation 
Softswitch  &  Media  server  sys¬ 
tems  to  the  development  of  call 
center  &  VoIP  based  products  & 
features  addressing  software 
architecture  using  UML/OOAD 
methodologies  incorporating 
AIN  service  concepts.  Imple¬ 
ment  software  based  on  SS7, 
ISUP,  TCAP,  H323,  H248,  SIP, 
El,  T1  &  ISDN  signaling  proto¬ 
cols  &  VoIP  technologies  for 
Real  time  sub-systems  using 
UNIX/LINUX,  Windows  NT/ 
2000;  C,  C++,  JAVA,.  VC++, 
SQL;  PVCS/Clear  Case; 
SDL/FSM;  Protocol  Analyzers. 
BS/MS  in  Computer  Science, 
any  Engg,  or  related  field,  &  rel¬ 
evant  exp.  req'd.  Send  resume 
to  Vivian  Fernandes,  MBT 
International,  Inc,  5215  N. 
Ironwood  Rd,  Ste  106,  Glendale, 
Wl  53217. 


Director,  Skyris  Networks, 
Cambridge,  MAWill  research, 
design,  develop  &  manage,  net¬ 
working  protocol  software,  & 
commercial  deployment  of  dis¬ 
tributed  applicns,  based  on  the 
Skyris™  Protocol.  Requ: 
Bachelor's  Degree  in  Comp  Sc; 
2yrs  exp  as  Systems  Software 
Engr;  knowledge  of  Distributed 
Systems  &  Networking  technolo¬ 
gies,  Adaptive  Communication 
Environment,  Distributed  Hash 
Tables;  &  domain  expertise  in 
Peer-to-Peer  technologies,  mar¬ 
kets,  &  "The  Skyris  Protocols 
and  System".  Send  resume  & 
proof  of  authorization  to  work 
permanently  in  US  to:  Chris 
Weiss,  Office  Manager,  Skyris 
Networks,  Inc.  &  Stirling  Bridge, 
59  Pleasant  Street,  Cambridge, 
MA02139.  No  phonecalls. 


Programmer  Analyst  needed  for 
IT  consulting  firm  located  in 
Burlington,  VT.  Job  duties  in¬ 
clude:  Develop  computer  appli¬ 
cations  for  clients  located 
throughout  the  eastern  U.S. 
specifically  installing,  configur¬ 
ing,  and  integrating  the  Siebel 
software  package  with  other 
systems  of  the  client  including 
mainframe,  SAP,  and  Oracle. 
Connect  the  newly  developed 
system  to  the  web  at  client's 
request.  Work  as  a  part  of  a 
team  under  direct  supervision. 
Applicant  must  have  B.S.  de¬ 
gree  in  Computer  Science, 
Business,  Mathematics  or  En¬ 
gineering.  Applicant  must  also 
have  1  yr.  exp.  in  the  job  duties 
described  above  or  in  any  com¬ 
puter  related  occupation  which 
includes  the  skills  listed  above. 
40hrs/wk,  9:00  am-5:00  pm, 
Mon-Fri,  $52,936/yr.  Send  res¬ 
ume  &  cover  letter  to:  Vermont 
Dept,  of  Employment  &  Training, 
Job  No.  612502,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 


SYS/NETWK  ADMSTR.  Perfrm 
sys  &  netwk  adminstratn  of  Unix 
servrs.  Evluate  &  recommend 
HW/SW  reqs;  &  prject  planng  & 
executn  mgmt.  Trblshoot  &  han¬ 
dle  HW/  SW  rltd  probs.  Setup  & 
maintn  SAN  &  Clusters  for  hi 
availability.  Dvlp  tools  for  perfrm- 
nc  &  admin  efficiency.  Setup  & 
maintn  remote  installatn  servr. 
Adminstr  E-test  envirnmt;  test 
executn  of  Logical  Volume  Mgr 
on  Advnc  File  sys  &  TruClusters; 
&  sys  backup  &  restoratn.  Req: 
Bach  degr  in  CS,  EE  or  ME  +  3 
yrs  exp  in  job  offrd  or  as 
Unix/Sys  Admstr  or  Unix  Engr  + 
spec  reqs  of  Unix  sys  &  netwk 
adminstratn,  Unix  servr  SW/HW, 
Unix  Security  Mgmt,  HP-UX  sys 
&  netwk  adminstratn,  HP-UX 
SW  Configuratn  Mgmt  sys,  write 
code  &  script  for  tools  dvlpmt, 
SAN,  Volume  Mgr  &  Cluster. 
Sal:  $78,280/yr.  Loc:  Nashua, 
NH.  8am-5pm,  40hrs/wk.  Send 
2  copies  of  resume/letter  of 
application  to:  Job  Order  # 
2004-004,  P.O.  Box  989, 
Concord,  NH  03302-0989.  Must 
have  proof  of  legal  authority  to 
work  in  U.S. 


Sr.  Sys.  Analyst  for  software 
dev.,  planning,  project  &  team 
mgmt.  Perform  system/  req. 
analysis,  review  client  b/z  sols., 
&  end  user  needs.  Perform  data¬ 
base  design  using  ERWIN, 
resource  allocation  &  develop 
web/  eCommerce  systems  using 
ASP.Net,  C#,  Active  Server 
Pages,  VB.Net,  Visual  Basic  6.0, 
VB  Script,  Java  Script,  SQL 
Sen/er  2000,  Com+,  XML,  XSL, 
Acrobat  PDF,  Rational  Rose, 
ER-Win,  Windows  2000/  WinNT. 
Customize,  upgrade  &  maintain 
software  packages:  Ebix-Asp 
and  Ebix-Exchange.  Evaluate 
code  against  stds.  &  maintain 
proj.  docs.  BS  in  Comp.  Applns. 
+  2  yrs.  exp,  in  job  duties. 
Comp,  salary  at  prev.  wages. 
Apply:  HR,  EBIX,  5  Concourse 
Parkway,  #  3200,  Atlanta.  GA 
30328  with  proof  of  permanent 
work  authorization. 


Software  Engineer  -  Ft. 
Lauderdale,  FL  -  to  research, 
design,  develop,  implement  and 
test  application  software  in 
C/C++  and  DataCore  SAN- 
central  DevSuite  (SCDS)  in 
Windows  environment  for  stor¬ 
age  management  software; 
write  Snap-Ins  using  COM  in 
Microsoft  Management  Console; 
SCSI,  TCP/IP  and  UDP  proto¬ 
cols;  I/O  subsystems,  software 
drivers,  operating  systems  and 
storage  area  network.  M.S.  in 
Communication  Engineering  or 
the  equivalent  and  one  year  in 
job  offered.  Apply  with  resume 
to  Principal  Factotum.  Datacore 
Software  Corporation,  6300  NW 
5th  Way,  Fort  Lauderdale,  FL 
33309. 


PROGRAMMER  ANALYST 

Hexaware  Technologies  Inc.  is 
seeking  a  Prog.  Analyst  to  work 
in  Lisle,  IL  to  anlyz,  dsgn  & 
implem.  sftwr  systs  &  applcns. 
BS  in  Comp.  Sci.,  Comp.  Info. 
Syst  or  Electronics  Engrg  +  2  yrs 
exp.  as  a  Sftwr  Engr,  Prog. 
Analyst  or  Consltnt  rqd.  Must 
have  exp.  utilizing  Obj.  Oriented 
Anlys  &  Dsgn,  SQL  Serv.  & 
Oracle  Serv.  RDBMS,  VB  6.0  for 
syst  anlys  &  dsgn,  Oracle  Forms 
4.5/5.0,  Oracle  Rpts  2.5/3.0  & 
Crystal  Rpts.  High  mobility  pre¬ 
ferred  Resume  only  to:  R. 
Ravindran,  Dir.-HR,  Hexaware 
Technologies,  Inc.,  4343 
Commerce  Ct.,  Ste.  618,  Lisle, 
IL  60532. 


Systems  Analyst,  NH  based  IT 
firm.  Need  4  yrs  of  exp.  on  the 
Job  or  as  Network  Admin.  Skill 
req:  C,C++.TCP/IP,  IPX/SPX, 
NetBEUI,  LDAP,  RIP.IGRP, 
ICMP,  SNMP,  HDLC,  FDDI, 
SMTP,  IMAP,  POP3,  TELNET, 
DHCP,  LDAP,  RAS,  CHAP, 
L2TP,  MISPIus,  NFS,  UDP/IP, 
SNA,  Microsoft  Exchange 
Server  2000, 5.X  Novell  MHS 
Mail,  MS  Internet  information 
Server,  Wingate  Proxy, 
Microsoft  Proxy,  Win  98,  2000  & 
NT.  HRD,  Software  Research 
Group,  Inc.,  75  Gil  Crest  Rd,  Apt 
#  200,  Londonderry,  NH,  03053 


Sr.  Architect,  Information  Sys¬ 
tems.  Provide  guidance  &  ex¬ 
pertise  on  software  design,  dev. 
&  architecture  in  multiple  areas 
w/  primary  focus  on  internet 
tech.,  Siebel  CRM  implementa¬ 
tion,  Enterprise  Application 
Integration  &  Security  &  Identity 
Mgmt.  tech.  Possess  in  depth 
technical  knowledge  &  dev.  level 
skills  in  progr.  languages  (Java, 
C++,  C),  Messaging  &  EAI  tech¬ 
nologies  etc.  Req  M.S.  Comp. 
Sci.  &  1  yr  of  exp  in  job  or  1  yr 
exp  as  a  Sr.  Software  Engineer. 
Send  ad  &  resume:  Kyle  Foster, 
Amgen  Inc.,  One  Amgen  Center 
Dr.,  Thousand  Oaks,  CA  91320- 
1799  (jobsite). Include  Ad#03- 
488FV. 


Computer  specialist,  Naples,  FL. 
40  hrs/wk,  8am-5pm,  $15/hr. 
Req's  HS  education,  one  yr 
training  in  computer  related  field 
&  two  yrs  exp  in  job  offered. 
Work  on  PC  network  in  insur¬ 
ance  office.  Train  staff  on  all 
hardware  &  software.  Interface 
on  all  computer  related  issues. 
Repair  &  service  office  equip  incl 
printers,  fax,  copy  machines. 
Verifiable  references.  Send 
resume  to  Agency  for  Workforce 
Program  Support,  P.O.  Box 
10869,  Tallahassee,  FL  32302- 
0869;  Ref:  JOFL  #2469123. 


Software  Engineers  to  analyze, 
design  develop  appls  using  OO 
Methodologies,  VC++,  C++,  Ja¬ 
va,  HTML/DHTML,  XML,  XSL. 
SQL,  Perl,  Oracle  under  Win- 
dows/UNIX  OS;  perform  project 
scoping,  planning  time/cost 
schedules,  quality  of  deliver¬ 
ables;  perform  tune  up  to  im¬ 
prove  system  performance; 
study,  evaluate  new  tech/meth¬ 
odologies;  provide  technical 
guidance  for  complex  user 
problems.  Require:  MS  or  for¬ 
eign  equiv.  in  CS/Engg.  (any 
branch)  &  1  yr  exp.  in  IT.  High 
Salary.  F/T.  Travel  involved. 
Resumes:  HR,  Unilinx,  Inc., 
4625  Alexander  Dr.,  Ste  110, 
Alpharetta,  GA  30022. 


BUSINESS  ANALYST.  Keller, 
Texas.  Require  Bachelor's 
degree  in  a  technical  discipline 
such  as  engineering,  physics  or 
math  &  MBA,  data  modeling  and 
data  analysis  experience,  & 
graduate  course  work/project  or 
previous  work  experience  using 
statistics  software  applications. 
Send  resume  to  Corning  Cable 
Systems,  LLC,  Attn:  Human 
Resources  Manager,  9275 
Denton  Highway,  Keller,  Texas 
76248.  NO  PHONE  CALLS 
PLEASE. 


Vice  President,  Network 
Engineer:  Must  have  bach¬ 
elor's  degree  in  business  or 
computer  information  sys¬ 
tem.  Location:  Wilmington, 
DE.  Fax  CV  to  Brandywine 
Medical  Management  at 
302-984-2575. 
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Trials  and  tribulations 

Microsoft  faces  a  number  of  challenges  with  its  major 
revenue-producing  products,  and  with  keeping  its  corporate 
customers  secure,  happy  and  away  from  Linux.  Here  is  a  look 
at  some  of  the  issues  going  forward. 


Challenges 

Strategies 

Threats 

Microsoft  must 
find  new  ways  to 
generate  new 
customers, 
upgrades. 

Longhorn  is  the  bet,  but  think  devices, 
devices,  devices  —  handhelds,  PDAs, 
tablets,  GPS  and  scanners. 

Unux/Open  source.  Microsoft  feels 
heat  in  Europe  and  with  new 
businesses.  Gartner  says  Windows 
could  lose  5%  to  10%  market 
share  to  alternative  operating 
systems.  The  bottom  line  is  David 
only  nibbles  on  Goliath. 

Approaching 
ceiling  in  server 
operating  system 
market. 

Integration  of  Windows  server  and  server 
applications.  Exchange  and  SQL  Server  are 
leading  growth,  SharePoint  and  Jupiter 
are  promising. 

Linux/Open  source  again,  but  a 
bigger  threat  here. 

Management  of 
platform. 

Dynamic  Systems  Initiative  is  a  long-term, 
ill-defined  bet  to  manage  Windows  from 
the  application  level  on  up. 

IBM,  HP,  Sun  and  others  are  riding 
on  the  utility  computing 
bandwagon. 

Security  bugs 
gnawing  at 
customer  resolve. 

Improve  patching  tools  and  tune  system 
defaults.  Security  is  said  to  be  job  No.1, 
but  the  results  are  sketchy. 

Slow  progress  means  customers 
continue  to  beat  up  Microsoft  on 
this  issue,  or  worse,  quit  fighting 
and  go  somewhere  else. 

Licensing  6.0 
program  still  in 
disarray. 

Convert  customers  whose  old  contracts 
are  due  to  expire.  Attraction  is  additional 
services  and  support. 

Licensing  could  be  final  straw  for 
frustrated  users. 

Microsoft 

continued  from  page  1 

last  year,  a  sure  sign  it  is  trans¬ 
forming  from  high-flying  tech 
Titan  to  blue  chip. 

The  transformation  was  recon¬ 
firmed  at  the  company’s  annual 
financial  analyst  confab  in  July 
where  annual  new  product 
demonstrations  were  replaced 
by  staid  assurances  of  “boosting 
the  business  value  of  software” 
and  talk  of  revenue  dips  in  fiscal 
2004. 

“The  company  is  maturing  and 
in  general  [CEO  Steve]  Ballmer 
and  [Bill]  Gates  are  a  lot  more 
careful,”  says  David  Smith,  a  vice 
president  at  Gartner.  “They  main¬ 
tain  an  edge,  but  they  have  soft¬ 
ened  it  a  bit.” 

But  Microsoft  isn’t  softening  as 
a  technology  powerhouse.  It  has 
$51  billion  in  cash  and  a  $6.9  bil¬ 
lion  research-and-development 
budget  focused  on  everything 
from  servers  to  the  XBox  game 
system.  Its  client  operating  sys¬ 
tem  and  Office  suite  each  own 
more  than  93%  of  their  markets; 
both  maintained  sky-high  oper¬ 
ating  margins  in  the  company’s 
2003  fiscal  year,  ended  in  June; 
and  together  they  supplied  62% 
of  revenue  and  98%  of  profits. 

Such  numbers  make  old  habits 
die  hard,  so  not  surprisingly,  the 
company’s  growth  plans  are 
familiar.  This  was  evidenced  by 
a  reorganization  late  last  year 
that  created  the  Windows  Core 
Operating  System  Division, 
which  will  focus  on  develop¬ 
ment  of  the  client  and  server 
operating  system. 

Microsoft  is  looking  to  capital¬ 
ize  on  its  desktop  dominance 
and  emerging  server  empire, 
which  are  core  to  a  new  genera¬ 
tion  of  products  under  the  Long¬ 
horn  banner.  The  division  will 
meld  the  contents  of  Microsoft’s 
software  portfolio,  integrate  it 
with  other  platforms  on  the  back 
of  XML,  and,  according  to  a  re¬ 
cent  report  by  Goldman  Sachs, 
potentially  initiate  the  largest 
upgrade  cycle  in  the  company’s 
history. 

“The  simple  summary  is  that  we 
believe  that  we’re  just  at  the 
beginning  of  what  we  can  do 
with  software,”  Chairman  and 
Chief  Software  Architect  Bill 
Gates  said  in  October. 

Feeding  the  cash  cows 

Although  Longhorn  is  the 
future,  the  technology  is  not  ex¬ 
pected  to  be  generally  available 
for  at  least  two  more  years.  In  the 
interim,  Microsoft  must  nurture 
its  client  operating  system,  its 


server  operating  system  and 
Office  businesses,  the  only  three 
of  Microsoft’s  seven  business 
units  turning  a  profit. 

Revenue  growth  in  its  client 
operating  system  and  Office  busi¬ 
nesses  has  been  positive  but  ane¬ 
mic  over  the  past  couple  of  years, 
but  the  company  projects  single¬ 
digit  declines  for  both  business 
units  in  2004  compared  with 
2003.  Meanwhile,  the  company’s 
Windows  Server  business  might 
be  hurtling  toward  the  same 
crossroads. 

On  the  client  operating  system 
side,  the  plan  is  to  move  existing 
users  to  older  systems  and  find 
new  markets  for  its  operating  sys¬ 
tem.  There  are  350  million  PCs 
running  Windows  NT  or  9x  that 
Microsoft  wants  to  convert  to 
Windows  XR  a  goal  laid  out  by 
Jim  Allchin,  group  vice  president 
of  the  platforms  group,  in  July 
Many  of  those  converts  might  be 
forced  because  Microsoft  has 
ended  or  is  about  to  end  support 
for  those  legacy  clients. 

The  company  also  hopes  to 
put  an  operating  system  in  other 
types  of  computers,  including 
handhelds,  tablet  PCs  and  smart 
devices,  and  create  multi-PC  net¬ 
worked  households  that  use  the 
Media  Center  operating  system 
as  a  hub,  according  to  Allchin. 

On  the  server  operating  system 
side,  Microsoft  owns  almost  55% 
of  the  market,  though  isn’t  likely  to 
grab  more  than  another  10%  over¬ 
all,  says  A1  Gillen,  an  analyst  with 
1DC.  He  estimates  that  the  overall 
server  operating  system  market 


will  show  a  compounded  annual 
growth  rate  of  9. 1  %  over  the  next 
five  years,  identical  to  that  of  1997- 
2002. 

“That  is  the  sign  of  a  maturing 
market,”  Gillen  says. 

Lately,  SQL  Server  and  Ex¬ 
change  have  carried  the  load  in 
Microsoft’s  Server  and  Tools  busi¬ 
ness  unit  with  doubledigit  rev¬ 
enue  gains  quarter  by  quarter. 
Microsoft,  which  increased  head 
count  in  its  server  sales  force  by 
12%  last  year,  is  building  on  that 
strength  with  Exchange  2003 
and  the  planned  release  next 
year  of  SQL  Server  Yukon  and 
Visual  Studio.  Net  Whidbey 
development  tools. 

Longing  for  Longhorn 

But  the  focus  for  2004  is  further 
development  of  Longhorn,  Micro¬ 
soft’s  “big  bet  on  galvanizing  the 
next  big  breakthrough  —  even 
bigger,  perhaps,  than  the  first- 
generation  Windows  release,” 
according  to  a  memo  Ballmer 
sent  to  employees  in  June.  The 
statement  was  backed  up  in 
October  with  the  release  of  beta 
code  more  than  two  years  be¬ 
fore  product  shipment,  the  earli¬ 
est  Microsoft  has  ever  let  inde¬ 
pendent  developers  evaluate 
new  code. 

Longhorn’s  first  incarnation  is 
the  client  operating  system,  due 
in  2006,  but  Longhorn  includes 
servers,  development  tools, 
Office  and  even  MSN,  the  com¬ 
pany’s  online  property.  Longhorn 
is  designed  not  only  to  blur  the 
lines  between  applications  and 


data  on  desktops,  servers  and  the 
Internet  but  eliminate  them  and 
make  the  systems  look  like  one. 

Longhorn  has  several  key  ele¬ 
ments  that  support  that  effort,  in¬ 
cluding  Avalon,  a  presentation 
system  for  new  applications;  In¬ 
digo,  an  XML-based  integration 
bus  for  clients  and  servers; 
WinFS,  a  platform-wide  file  sys¬ 
tem;  and  WinFX  ,  a  new  set  of 
APIs. 

Those  underpinnings  grew  out 
of  Microsoft  Research  and  were 
fueled  by  Microsoft’s  massive 
R&D  spending,  which  topped 
$23  billion  over  the  past  five 
years. 

The  desire  to  create  the  Long¬ 
horn  “fat  client”  is  a  direct  attack 
on  rivals  such  as  IBM  and  Sun 
that  want  to  break  Microsoft’s 
desktop  stranglehold  using  Java 
Application  Servers,  portal  inter¬ 
faces  and  browser-based  clients. 

Longhorn  also  is  intended  to 
thwart  Linux  and  open  source. 
Microsoft  wants  to  fight  the 
upstarts  with  a  collection  of  inte¬ 
grated  software  as  opposed  to  in¬ 
dividual  features  and  price  on  the 
client  or  server. 

“If  Microsoft  pulls  off  Longhorn 
the  rewards  are  potentially  signifi¬ 
cant,  but  that’s  a  big  ‘if,’”  says  Neil 
Macehiter,  research  director  with 
Ovum. 

Rivals  sense  the  vulnerability 

A  recent  SG  Cowen  survey 
showed  that  of  respondents  plan¬ 
ning  to  increase  their  use  of  Linux 
in  the  next  one  or  two  years,  more 
than  70%  of  current  Linux  sites 
planned  to  increase  reliance  on  it 
and  29%  planned  to  deploy  it  for 
the  first  time. 

IBM  has  dedicated  $1  billion  to 
Linux  development,  Novell 
bought  SuSe  Linux  for  $210  mil- 
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lion, Sun  recently  released  its  Java 
Desktop  System  built  on  Linux, 
and  Oracle  earmarked  $150  mil¬ 
lion  to  sway  independent  soft¬ 
ware  vendors  to  develop  Linux- 
based  Oracle  applications. 

“If  Novell  can  figure  out  how  to 
glue  its  services  on  to  Linux  they 
can  compete  seriously  with 
Microsoft, ’’says  John  Enck.an  ana¬ 
lyst  with  Gartner.  “If  you  get 
eDirectory  rather  than  Open- 
LDARthat  is  something  real.” 

But  Longhorn’s  success  hinges 
on  Microsoft  polishing  up  its 
reputation. 

“Unless  Microsoft  solves  its 
image  problem,  the  technology 
doesn’t  matter,” says  Rob  Enderle, 
president  of  the  Enderle  Group. 
“Microsoft  is  perceived  as  a  com¬ 
pany  you  cannot  trust,  and  once 
you  have  that  foundation  every¬ 
thing  flows  in  that  direction.” 

The  European  Union’s  antitrust 
case  against  Microsoft  is  reviving 
the  monopoly  tag  and  fueling 
open  source  software  in  Europe 
and  Asia.  That  lawsuit  could  cost 
Microsoft  $3  billion  on  top  of  $1 
billion  it  paid  in  legal  settlements 
in  fiscal  2003. 

Licensing  and  security  flaps  of 
Microsoft’s  own  creation  are 
fueling  customer  angst  and 
resentment. 

The  company’s  controversial  2- 
year-old  Licensing  6.0  plan  and  its 
companion  Software  Assurance 
annuity-licensing  program  has 
only  attracted  30%  of  the  user 
base,  according  to  The  Yankee 
Group.  Designed  to  eliminate 
confusing  licensing  options,  the 
program  instead  raised  fears 
among  customers  about  steep 
price  increases. 

Of  the  70%  not  signed  up,  42% 
have  Licensing  5.0  agreements 

See  Microsoft,  page  57 
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Microsoft  shelves  aging  software 


■  BY  JOHN  FONTANA 

Microsoft  this  week  will  render 
“obsolete”Windows  98  and  Office 
97,  the  first  two  products  in  a  line 
of  aging  software  that  will  see 
support  end  this  year. 

The  move  will  force  some  cor¬ 
porate  users  to  make  upgrade 
decisions  or  opt  for  running 
unsupported  software,  though 
observers  say  Microsoft  has  done 
a  commendable  job  supporting 
old  software. 

“But  that  means  a  lot  of  this  soft¬ 
ware  is  still  in  use,”  says  Dan 
Kusnetzky,  an  analyst  with  1DC. 
The  research  firm  says  Windows 
95,98  and  ME,  which  will  be  obso¬ 
lete  at  year’s  end,  account  for  100 
million  copies  of  the  operating 
system  in  use  today. 

Other  products  on  the  chop¬ 
ping  block  include  SQL  Server 
6.5,  Windows  NT  4.0  Workstation 
and  Server,  and  Internet  Informa¬ 
tion  Server  4.0. Versions  of  Micro¬ 
soft’s  business  software,  Great 
Plains,  Navision  and  Solomon, 
along  with  its  Small  Business 
Server  7.0,  also  will  be  obsolete 
by  year-end.  In  March  2005, 
Windows  2000  Professional, 
Server  and  Advanced  Server  will 
hit  deadlines  for  mainstream  sup¬ 
port, and  users  will  have  to  pay  for 


incident  and  hot-fix  support. 
Security  fixes  will  be  free. 

The  list  means  network  execu¬ 
tives  will  have  to  decide  if  they 
want  to  step  up  to  the  latest  ver¬ 
sions,  contract  with  a  third-party 
that  supports  obsolete  software 
or  run  unsupported,  which 
some  analysts  say  presents  legal 
liabilities. 

“The  risk  to  customers  who 
remain  on  a  product  that  is  no 
longer  supported  is  that  a  situa¬ 
tion  might  arise  where  a  security 
vulnerability  is  discovered  which 
cannot  be  fixed,”  says  Andy 
Erlandson,  director  of  security  pro¬ 
duct  support  services  for 
Microsoft. 

The  company  instituted  its 
Support  Lifecycle  policy  14 
months  ago  to  provide  consisten¬ 
cy  and  predictability  although  the 
dates  have  been  extended  on 
some  products  such  as  NT  and 
Visual  Basic  6,  Erlandson  says. 

The  lifecycle  plan  mandates  five 
years  of  mainstream  support  from 
the  date  a  product  is  released  fol¬ 
lowed  by  two  years  of  fee-based 
extended  support.  Mainstream 
support  includes  no-charge  inci¬ 
dent  support,  paid  incident  ser¬ 
vice,  support  charged  on  an 
hourly  basis  and  hot  fixes. 
Extended  support,  which  is  in¬ 


cluded  as  part  of  Microsoft’s  Soft¬ 
ware  Assurance  maintenance 
plan,  might  include  service 
charged  on  an  hourly  basis  and 
paid  hot  fixes.  Security  fixes  are 
free  throughout  the  life  cycle  of  a 
product. 

“We  have  been  watching  this 
product  life  cycle  carefully  says 
Matthew  Bailey,  LAN  engineer  for 
CSK  Auto,  which  operates 
Checker,  Schucks  and  Kragen 
auto  parts  stores. 

“We  want  to  move  before  patch¬ 
es  are  no  longer  available.  It’s 
important  for  us  because  we  run 
a  small  shop  and  rely  on  our 
Premier  support  contract,”  says 
Bailey,  who  is  one  of  seven  IT  staff 
managing  800  desktops  and  100 
servers  at  the  Phoenix  company 
He  adds  that  10%  of  the  compa¬ 
ny’s  servers  run  on  NT  4.0  but  will 
be  replaced  on  the  company’s 
normal  replacement  cycle. 

Observers  say  users  don’t  have 
to  panic  in  the  face  of  support 
deadlines. 

“The  fact  that  support  is  expiring 
is  significant,  but  the  question 
people  have  to  ask  is  ‘Have  they 
needed  Microsoft’s  help  in  sup¬ 
porting  these  systems  or  has  the 
application  been  stable  enough 
not  to  need  support?”’  IDC’s 
Kusnetzky  says.“Another  question 


Microsoft 

continued  from  page  56 

signed  two  years  ago  to  initially  avoid  6.0. Those  5.0 

[contracts  now  are  coming  up  for  renewal  and 
Microsoft  needs  converts  to  new  contracts.  The 
company  derives  nearly  a  third  of  its  overall  rev¬ 
enue,  which  totaled  $32  billion  in  its  2003  fiscal 
year,  from  money  paid  upfront  for  licensing  and 
other  products  and  services  that  are  delivered  at  a 
later  date  —  so-called  unearned  revenue. 

“If  Microsoft  can  get  20%  to  25%  [of  those  whose 
contracts  are  up  for  renewal]  to  sign  up  for  Software 
Assurance  that  would  provide  a  good  impact  on  rev¬ 
enue,”  says  Laura  DiDio,  an  analyst  with  The  Yankee 
Group. 

However,  early  returns  are  not  promising,  as 
unearned  revenue  was  off  $768  million  between 
June  30  and  Sept.  30, 2003.  Microsoft  now  is  trying  to 
entice  holdouts  with  new  support  and  services 
added  to  Software  Assurance,  since  there  won’t  be 
many  upgrades. 

Microsoft’s  effort  to  win  licensing  converts  has  not 
been  helped  by  security  vulnerabilities,  including 
the  Blaster  worm,  whose  effect  was  so  bad  that  CFO 
John  Connors  cited  it  during  the  October  earnings 
announcement  as  one  reason  the  company  was 
unable  to  close  some  sales. 

Over  the  past  few  years,  the  company  has  trained 
11,000  of  its  developers  in  writing 
secure  code.  Now  it  is  overhauling 
its  patch  management  tools  and 


resetting  defaults  in  its  software  to  err  on  the  side  of 
security  It  has  invested  $100  million  into  its  Trust¬ 
worthy  Computing  initiative  in  the  Windows  division 
to  develop  its  Next  Generation  Secure  Computing 
Base,  a  Longhorn  technology  that  combines  hard¬ 
ware  and  software  to  secure  the  operating  system. 

Integrate,  interoperate 

Addressing  such  problems  is  crucial  for  Micro¬ 
soft  because  large  customers  are  tripping  on  secu¬ 
rity  and  licensing  issues  at  a  time  when  they  want 
to  better  integrate  Windows  into  enterprise  infra¬ 
structures. 

“Microsoft  can’t  take  over  the  world  although  they 
wish  they  could,”  says  Fred  Wettling,  infrastructure 
architect  for  global  engineering  firm  Bechtel.“Micro- 
soft’s  evolution  must  help  move  the  industry  closer 
to  product  interoperability.  They  need  to  drive 
toward  more  openness.” 

Microsoft  is  relying  on  XML  as  the  answer.  Over  the 
past  two  years,  the  company  has  worked  with  IBM  to 
develop  and  promote  Web  services  standards. 
Microsoft  has  opened  more  of  its  source  code  to 
partners,  governments  and  universities. The  compa¬ 
ny  recently  said  it  would  offer  royalty-free  the  XML 
schemas  in  Office,  which  is  code  that  describes  how 
a  document  is  formatted. 

“Is  what  they’re  doing  benevolent?”  Wettling  asks. 
“Probably  not.  But  it  is  part  of  an  evolution  that  on 
some  level  will  help  end  users.” 

Next  week:  Microsoft  looks  for  new 
revenue  opportunities.  ■ 
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is, ‘Does  this  system  talk  to  the  net¬ 
work?’  If  not,  it  is  less  of  a  security 
issue.” 

If  an  unsupported  system  or 
application  is  connected  to  the 
network,  some  say  it  presents  real 
liability  issues. 

“An  unsupported  environment 
is  not  the  technical  concern  it 


was  four  or  five  years  ago,  but 
there  are  larger  ramifications 
such  as  the  risk  of  liability’  says 
Laura  DiDio,  an  analyst  with  The 
Yankee  Group.  “What  about  cus¬ 
tomers  or  business  partners  that 
might  suffer  lost,  altered  or 
hijacked  data  because  of  your 
unsupported  systems?”  ■ 


IBM  expands 
four-way  offerings 

■  BY  JENNIFER  MEARS 

Rapsheets,  which  provides  online  criminal  records  searches,  was 
growing  nearly  25%  per  month  and  was  looking  for  ways  to  beef  up  its 
infrastructure  to  support  the  demand  on  its  expanding  database.  After 
considering  deploying  multiple  2U,  two-processor  servers,  the 
Memphis,  Tenn.,  company  opted  to  deploy  IBM  blade  servers  to  run 
customer  queries. 

“Management  of  those  2Us  is  all  the  difference  in  the  world  because 
they  have  their  own  internal  hard  drives,”  says  CTO  Keith  Grimes, 
explaining  that  the  blades  have  no  internal  hard  drives  and  boot  direct¬ 
ly  off  his  storage-area  network,  which  supports  a  database  of  about  175 
million  individual  records. 

Today,  the  company  runs  10  of  IBM’s  two-processor  Intel  HS20  blades, 
and  Grimes  says  he’s  awaiting  the  new  four-processor  systems  that  IBM 
announced  last  week  and  expects  to  roll  out  next  month. 

That  system,  the  BladeCenter  HS40,is  expected  to  run  2-GHz,2.5-GHz 
and  2.8-GHz  Xeon  MP  processors.  It  will  fit  side-by-side  in  IBM’s  7U 
BladeCenter  Chassis  with  the  Intel-based  two-processor  HS20  server, 
along  with  the  PowerPC-based  JS20  blades  that  should  be  available  in 
March.  IBM  has  yet  to  set  pricing  for  the  blade. 

The  blade  comes  more  than  a  year  after  HP  introduced  its  four-way 
BL40p,  but  analysts  say  IBM  might  have  an  edge  because  of  the  more- 
compact  form  of  the  HS40.According  to  HP’s  Web  site,  12  BL40p  blades 
can  fit  in  a  42U  rack,  while  Richard  Rudd,  product  manager  for  xSeries 
at  IBM, says  users  can  pack  42  HS40  systems  in  the  same  size  rack. 

Also  last  week,  IBM  introduced  an  updated  four-way  system  to  com¬ 
plement  its  existing  four-way  x360  rack-mounted  server.  The  x365, 
which  starts  at  around  $7,000,  runs  on  the  same  Xeon  MP  processors  as 
the  HS40  and  includes  six  internal  hard  drives,  compared  with  just 
three  on  the  x360.  Memory  is  also  expanded  from  eight  DIMM  slots  on 
the  x360  to  16  on  the  x365. 

The  x365  is  an  upgrade  to  the  x360  that  was  rolled  out  almost  two 
years  ago  and  provides  more  storage  and  memory  capacity  for  bigger 
workloads  in  the  same  3U  enclosure.  In  the  past,  customers  that  need¬ 
ed  more  storage  would  have  had  to  either  go  with  a  bigger  system  that 
offered  more  internal  storage  or  take  up  data  center  space  by  attach¬ 
ing  an  external  disk  array,  Rudd  says.  ■ 
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A  dozen  New  Year's  resolutions 


f  as  that  the  first  of  the  year 
that  went  rushing  toward  the 
horizon  with  its  tail  on  fire? 
I’d  better  make  some  New  Year’s  res¬ 
olutions  pronto  . . .  hmm,  let’s  see  . . . 


Resolution  1:  I  will  stop  being 
surprised  at  how  ineffectual  and 
disorganized  —  how  just  plain  awful  —  customer 
service  is  for  AT&T  Wireless.  I  would  adopt  the 
same  policy  for  Verizon’s  customer  service  but  I 
dumped  them  in  December  thinking  that  I  would 
rid  myself  of  a  source  of  stress.  It  turned  out  that 
I  was  simply  exchanging  one  source  of  stress  for 
another. 

Resolution  2:  I  will  never  buy  another  cell 
phone  made  by  LG  ever  again.  How  can  anyone 
make  a  cell  phone  that  doesn’t  organize  its  tele¬ 
phone  directory  alphabetically? 

Resolution  3:  I  will  always  arrive  at  the  airport 
no  less  than  two  hours  before  my  flight,  wear 
shoes  that  can  be  slipped  on  and  off,  remember 
not  to  carry  my  nail  clippers  in  my  roll-on  bag 
and  learn  to  relax  and  be  resigned  to  being  treat¬ 
ed  like  a  cross  between  diseased  cattle,  a  crimi¬ 
nal  and  an  idiot. 

Resolution  4:  1  will  not  expect  that  my  flights 
will  be  on  time  or  that  in-flight  food  will  be  edi¬ 


ble.  I  will  expect  to  be  sandwiched  between  a 
very  fat  person  and  a  woman  with  a  screaming 
baby,  in  front  of  someone  who  uses  the  back  of 
my  seat  to  get  up  just  when  I  have  dozed  off  and 
behind  someone  with  serious  hygiene  issues. 

Resolution  5:  I  will  stop  getting  angry  over  spam 
[Yeah,  right  —  ed.]  and  I  will  stop  hunting  down 
and  trying  to  educate  organizations  [Ditto  —  ed.] 
such  as  DeVry  University  that  uses  spam  but 
should  know  better.  And  I  will  never  have  any¬ 
thing  to  do  with  Phoenix  University,  the  Brooks 
Institute,  Columbia  House,  X10,  Omaha  Steaks, The 
New  York  Times,  Perfumania  and  Hooked  on 
Phonics,  which  all  spam  shamelessly  and  with 
wild  abandon. 

Resolution  6:  I  will  not  write  about  The  SCO 
Group  and  its  ridiculous  lawsuits  again  until 
something  worth  writing  about  happens.  Maybe 
something  like  Dari  McBride  realizing  that  such  a 
thing  as  ethics  exists. 

Resolution  7:  1  will  be  nice  to  people  who  for¬ 
ward  messages  filled  with  stupid,  mawkish  senti¬ 
ments  that  end  with  exhortations  to  “forward  this 
to  10  friends  or  you  will  have  bad  luck  for  all  eter¬ 
nity”!  will  just  delete  the  message  and  add  the 
sender  to  my  blacklist. 

Resolution  8:  1  will  get  up  from  the  computer 
every  15  minutes  so  my  legs  don’t  atrophy  1  will 


take  a  break  at  least  every  eight  hours.  I  will  get  my 
vision  checked  once  a  year.  I  will  sit  up  straight  so 
my  back  doesn’t  fossilize  into  a  curve.  I  will  stop 
playing  solitaire.  I  will  stop  compulsive  browsing. 

Resolution  9:  I  will  apply  every  security  “update” 
that  Microsoft  generates  even  though  I  know  it 
will  occupy  more  time  than  I  can  afford.  And  I 
will  stop  moaning  about  having  to  reboot  after 
every  patch. 

Resolution  10:  1  will  stop  being  so  critical  about 
Microsoft’s  lousy,  bug-ridden  code  and  wild 
unnecessary  feature  creep,  the  company’s  insane 
drive  to  change  application  user  interfaces  for  no 
good  reason,  and  its  bizarre  and  overcomplicated 
architectures  that  unnecessarily  lock  us  into  the 
bowels  of  network  hell  . . .  oh,  darn. 

Resolution  11:  1  will  stop  checking  e-mail  com¬ 
pulsively  1  will  check  it  twice  a  day.  Well,  maybe 
four  times. And  before  I  go  to  bed. And  . .  .oh  darn 
again. 

Resolution  12:  This  year,  I  will  get  a  life.  I  will 
stop  obsessing  about  computers  and  online  stuff 
and  start  doing  other  interesting  things  that  aren’t 
digital.  Wait  a  minute  . . .  there  isn’t  anything  more 
interesting!  Some  parts  of  2004  look  like  they 
might  be  a  lot  like  2003.  Oh  well. 

Your  resolutions  to  backspin@gibbs.com. 


By  Adam  Gaffin 

A  question  of  semantics 

As  information  continues  up  the  OSI 
stack  (Layer  3  switches?  How  quaint. 
This  year,  I  want  IS  to  buy  me  several  application  switches),  the  hackers  —  and 
the  researchers  who  track  them  —  have  been  keeping  up  the  pace. 

Bored  with  simple  packet-type  hacking  and  even  more-sophisticated  applica¬ 
tion-based  worms,  hackers  are  now  into  messing  with  people’s  minds.They’ve 
apparently  gotten  sophisticated  —  and  prevalent  —  enough  to  warrant  their  own 
catchphrase  and  research  project  at  Dartmouth  College:  Semantic  Hacking  (go 
to  www.nwfusion.com,  DocFinder:  9246,  for  details): 

"A  semantic  attack  is  one  in  which  the  attacker  modifies  electronic  informa¬ 
tion  in  such  a  way  that  the  result  is  incorrect  but  looks  correct  to  the  casual  or 
perhaps  even  the  attentive  viewer,”  says  one  of  the  papers  on  the  site.  ‘‘[The 
program]  is  developing  a  categorization  of  semantic  attacks,  as  well  as  imple¬ 
menting  a  set  of  techniques  for  detecting  semantic  attacks." 

One  paper  on  the  site  defines  this  sort  of  hacking  as  “an  attack  directed  at 
the  mind  of  the  user  of  a  computer  system,”  and  posits  a  theoretical  counter¬ 
measure:  “For  example,  faced  with  a  potentially  deceptive  news  item,  an  auto¬ 
mated  countermeasure  might  provide  an  alert  using  adaptive  fraud-detection 
algorithms.” 

All  well  and  good,  but,  urn,  guys,  how  is  this  different  from  propaganda?  And 
who  is  to  say  one  man’s  truth  (DocFinder:  9247)  isn’t  another  man’s  hacking 
(DocFinder:  9248)? 

As  the  authors  of  another  paper  on  the  site  noted  (DocFinder:  9249): 

"Clearly  the  line  between  commercial  uses  of  the  Internet  such  as  advertising, 
which  would  not  be  considered  as  cognitive  hacking,  and  manipulation  of  stock 
prices  by  the  posting  of  misinformation  in  news  groups,  which  would  be  so  con¬ 
sidered,  is  a  difficult  one  to  distinguish.” 


IT  pro:  Heal  thyself 

Jim  Stewart  delves  into  a  leading  principle  in  medicine:  “Learn  one,  do  one, 
teach  one,”  which,  means  doctors  should  strive  to  learn  new  procedures,  do  them 
and  then  pass  on  what  they've  learned  to  other  doctors.  He  wonders  why  IT 
couldn’t  replicate  that  (get  more  information  at  DocFinder:  9250):  "I  wish  that  this 
ethic  existed  in  the  IT  industry. Think  of  the  benefit.  First,  there  would  be  an 
acknowledgment  that  the  new  employees  don’t  know  all  they  need  to  and  aren't 
expected  to  know.  Second,  there  would  be  a  further  expectation  that  it  will  take 
some  time  and  much  effort  to  become  proficient.  And  third,  those  who  are  the 
most  competent  would  be  expected  to  pass  along  [their]  expertise." 

More  2004  predictions 

SlashNot  foretells  the  coming  year,  including:  “Anti-spam  software  will  finally 
become  useful,  allowing  you  to  blame  it  for  not  getting  e-mail  from  people  you 
don't  want  to  talk  to,”  and  "Dell  commercials  will  suck  so  badly  that  a  few  people 
will  actually  die  watching  them.”  See  the  rest  at  DocFinder:  9251. 

Secure  those  proxy  servers 

Adventures  of  an  Open  Proxy  Server  (DocFinder:  9252)  discusses  how  hackers 
are  exploiting  proxy  servers:  “Web  traffic  has  grown  at  a  phenomenal  rate  over 
the  past  seven  years.  Companies  and  ISPs  often  turn  to  caching  proxy  servers  to 
reduce  the  tremendous  load  on  their  networks.  In  order  to  satisfy  the  demands  of 
their  content-hungry  users,  these  proxy  servers  are  often  configured  to  proxy  any 
port,  with  little  regard  to  security.  If  there  are  no  access  controls  blocking  con¬ 
nections  from  outside  the  network,  it  makes  it  possible  to  anonymously  portscan 
the  entireTCP  port  range  of  other  outside  systems.” 

Gaffin  is  executive  editor  of  Network  World  Fusion ,  when  not  filling  in  for  Buzz 
McNamara  who 's  out  on  a  short-term  medical  leave  ( get  better,  Paul!).  Reach  him  at 
agaffin@nww.  com. 


The  new  HP  ProLiant  DL140,  powered  by  the  Intel"  Xeon™  processor,  delivers  the  expandable  performance  your  workload 

demands.  Now  you  can  get  the  ProLiant  reliability  you  expect  at  a  price  you  might  not— and,  through  January  31,  you'll  get  double  the  memory  for  free.  HP's  newest 
server  is  designed  with  the  latest  industry-standard  technologies  to  keep  it  affordable,  easy  to  set  up,  integrate  and  maintain.  The  reliable,  hardworking  DL140  helps  you 
spend  more  time  focusing  on  your  business  and  less  time  serving  your  server.  Demand  more  of  what  you  need.  Demand  a  server  that's  powerfully  simple  and  HP 
dependable.  Demand  it  for  less  from  HP. 


HP  ProLiant  DL140 
SERVER 

with  Free  Double  Memory 

$1,149 

One  Intel®  Xeon™  processor  2.40GHz 
(upgradable  to  2) 

1 GB  SDRAM  for  the  price  of  5 1 2MB 
(upgradable  to  4GB) 

80GB  ATA  Hard  Drive* 

Integrated  Dual  10/100/1000  NICs 

One  PCI-X  64-bit/l 33MHz  slot 

Standard  Quick  Deployment  Rails 

1-Year  Limited  Global  Warranty* 
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To  find  out  more,  visit  www.hp.com/go/hp5  or  call  1-800-888-5814. 
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The  right  management  can  put  you  in  control  of  your  infrastructure, 
not  the  other  way  around. 

Unicenter®  Infrastructure  Management  Software 

So  long,  mayhem.  Managing  on-demand  computing  is  here.  Unicenter  infrastructure  management  software  lets  you  take  control 
of  your  infrastructure  so  you  can  be  more  responsive  to  business.  With  automation  and  self-healing  capabilities  Unicenter  can 
help  control  costs  and  empower  you  to  do  more  with  less.  Unicenter  also  lets  your  infrastructure  react  to  changes  in  real  time, 
so  your  IT  and  business  priorities  are  always  in  sync.  Finally,  it  is  based  upon  a  service-oriented  architecture  that  simplifies 
your  IT  environment,  so  your  infrastructure  is  easier  to  manage.  To  learn  how  to  get  more  value  out  of  your  infrastructure, 
or  to  get  a  white  paper,  go  to  ca.com/infrastructure. 

Computer  Associates® 

©  2003  Computer  Associates  International,  Inc.  (CA).  All  rights  reserved. 


